Nortel's  challenge  CEO  Bill  Owens  spent  his  first  year 

on  the  job  cleaning  things  up.  Now  comes  the  really  hard  part  PAGE  8. 


Open  source  play 


Flummoxed  by  expensive  manage¬ 


ment  systems,  users  are  looking  at  open  source  products.  PAGE  30. 
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Energy  firm  earns  net  award 


Renovator  Award  finalists  (from  left):  Erik  Durand  of  Psomas,  Jim  Klein 
from  the  Saugus  Union  School  District  (see  story  on  the  runners-up,  page 
16)  and  David  Stever  of  PPL 


■  BY  JOHN  DIX 

A  network  overhaul  that  linked 
corporate  locations  with  optical 
Ethernet,  built  in  QoS  for  de¬ 
manding  new  applications  and 
swapped  Centrex 
for  VoIP  earned 
PPL  Corp.  Net¬ 
work  World’s  top 
honors  in  the  first- 
ever  Renovator 
Award. 

Celebrated  at  an 
event  during  Interop  in  Las  Vegas, 
PPL  was  one  of  three  Renovator 
Award  finalists,  the  others  being 
the  Saugus  Union  School  District 
in  California,  and  Psomas,  a  civil 
engineering  company  in  Costa 
Mesa,  Calif,  (see  stories  page  16). 

The  awards,  sponsored  by 
Juniper  Networks,  were  designed 
to  recognize  outstanding  network 
projects,  with  entries  screened  by 
a  panel  of  judges  that  consisted 


of  Bob  Brown,  Network  World 
executive  news  editor;  Lee  Doyle, 
group  vice  president  at  IDC; 
Daniel  Golding,  senior  analyst  at 
Burton  Group;  Johna  Till  John¬ 
son,  chief  research  officer  of  Ne- 
mertes  Research  and  a  Network 


World  columnist;  Jeff  Wilson,  a 
principal  analyst  at  Infonetics; 
and  Robert  Whiteley  an  analyst  at 
Forrester  Research. 

PPL  took  home  the  gold  be¬ 
cause  of  the  strides  it  has 
See  Renovator,  page  14 
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Extortion 
via  DDoS 
on  the  rise 

■  BY  DENISE  PAPPALARDO  AND 
ELLEN  MESSMER 

Criminals  are  increasingly  tar¬ 
geting  corporations  with  distrib¬ 
uted  denial-of-service  attacks 
designed  not  to  disrupt  business 
networks  but  to  extort  thousands 
of  dollars  from  the  companies. 

Those  targeted  are  increasingly 
deciding  to  pay  the  extortionists 
rather  than  accept  the  conse¬ 
quences,  experts  say.  While  re¬ 
ports  of  this  type  of  crime  have 
circulated  for  several  years,  most 
victimized  companies  remain 
See  Extortion,  page  12 


Microsoft  sells 
ID  mgmt  plan 


■  BY  JOHN  FONTANA 

SAN  FRANCISCO  —  Microsoft 
last  week  laid  out  a  model  for  a 
distributed  identity  infrastructure 
designed  to  simplify  access  to 
corporate  resources  and  protect 
user  privacy  across  the  Internet. 

The  model  begins  with  a  seven- 
point  conceptual  representation 
of  digital  identity  that  Microsoft 
has  been  discussing  with  industry 
experts,  including  the  open 
source  community  for  a  month. 
Last  week,  Microsoft  released  a 
description  of  its  Identity  Meta¬ 


system  architecture,  which  ad¬ 
heres  to  the  conceptual  represen¬ 
tation. The  company  also  said  it 
was  readying  client,  server  and 
development  tools  for  users  to 
build  an  open  and  extensible 
identity  system  based  on  Web  ser¬ 
vices  protocols. 

The  goal  is  to  provide  users  with 
the  means  to  join,  or  federate, 
their  identity  systems  internally 
and  across  the  Internet  regardless 
of  the  platforms  they  run  on  or 
technology  they  use  for  identity, 
including  Kerberos, X.509  and  the 
See  Microsoft,  page  52 
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A  robot  in  your  future? 

Not  unless  you  plan  to  live 
for  a  really,  really  long  time. 


■  BY  NEAL  WEINBERG 


Joe  Engelberger 
formed  the  first 
robotics  company 
in  1957,  sold  the  first 
industrial  robotic  arm 
to  General  Motors  in 
1962  and  even  demoed 
his  Unimate  robot  on 
“The  Tonight  Show”  in  1966  in 
order  to  popularize  the  idea  that 
robots  would  one  day  be  part  of  our  daily  lives. 

Today,  we’ve  got  iFbds.Xboxes,  PDAs,  GPS,  DVDs,  DSL,  Wi-Fi, 
smart  phones,  hot  spots,  laptops  and  TiVo.  But  where  are  all  the 
robots?  Shouldn’t  we  all  have  robots  mowing  our  lawns,  clean¬ 
ing  our  houses  and  catering  to  our  every  need  by  now7 
“I’m  surprised  and  disappointed  it  hasn’t  happened,"  Engel¬ 
berger  said  last  week  at  the  RoboBusiness  Conference  in 

See  Robots,  page  10 
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Feds  seek  bids  on  $20B  telecom  project 

■  The  U.S.  government  is  seeking  bids  on  a  10-year,  $20  billion 
telecommunications  services  program  that  is  believed  to  be  the 
largest  pending  network  deal  in  the  world  —  and  carriers  say 
they’re  ready  to  respond. The  Networx  program  will  provide  legacy 
and  leading-edge  voice,  data  and  video  services  to  all  U.S.  federal 
agencies.Most  major  U.S. telecom  carriers — AT&T, MCI, SBC, Sprint, 
Qwest  and  Verizon  —  plan  to  bid  on  it.  The  General  Services  Ad¬ 
ministration  anticipates  awarding  multiple  contracts  under  its  Net¬ 
worx  program,  which  is  divided  into  two  parts:  Universal  and  Enter¬ 
prise.  Networx  Universal  covers  37  domestic  and  international  tele¬ 
com  services,  ranging  from  older  frame  relay  and  ATM  to  cutting- 
edge  VPNs  and  VoIP  Likely  Universal  bidders  include  AT&T,  MCI, 
Sprint,  SBC  and  Qwest.  Networx  Enterprise,  which  is  geared  toward 
smaller  carriers,  includes  a  core  set  of  IP  and  wireless  services  in 
particular  geographic  regions.  Likely  Enterprise  bidders  include 
Global  Crossing,  Verizon,  Level  3  Communications,  WilTel 
Communications,  IDT  and  Broadwing  Communications. 

Defense  Department  hacker  gets  jail  term 

■  A  21-year-old  Indiana  man  was  slapped  with  a  21-month  jail  sentence  for  his  role  in  a 
hacking  attack  that  compromised  computers  at  the  Department  of  Defense,  law  enforce¬ 
ment  officials  recently  revealed.The  attack,  which  was  launched  by  international  hacking 
gangThr34t  Krew,took  place  between  October  2002  and  March  2003.  Former  Thr34t  Krew 
member  Raymond  Paul  Steigerwalt  was  sentenced  for  one  count  of  conspiracy  to  com¬ 
mit  fraud  and  related  activity  in  connection  with  computers  and  one  count  of  possession 
of  child  pornography  officials  said.  He  also  was  ordered  to  pay  restitution  of  $12,000  to  the 
Defense  Department.  Steigerwalt  and  his  gang  were  accused  of  creating  a  worm  that 
infected  Internet-connected  computers.The  worm  installed  a  Trojan,  which  let  them  con¬ 
trol  infected  machines.  It  was  unclear  what  damage  was  done  at  the  Defense  Department. 

Trend  Micro  buys  anti-spyware  company 

BS  Trend  Micro  last  week  announced  its  intent  to  acquire  privately  held  InterMute  for  $15 
million.  InterMute  makes  the  SpySubtract  line  of  anti-spyware  software  products.  Trend 
Micro  last  month  released  its  own  line  of  anti-spyware  software  —  OfficeScan  Anti-Spyware 
Suite,  as  well  as  InterScan  Anti-Spyware  Suite. Trend  Micro  executives  last  week  sought  to 
assure  customers  that  the  company  would  support  the  Trend  Micro  and  InterMute  prod¬ 
ucts  for  several  months.  But  Trend  Micro  said  it  intends  to  have  an  integrated,  centrally  man¬ 
aged  anti-spyware  product  that  includes  anti-virus  protection  by  year-end. 


COMPENDIUM 

Today’s  helpful  hint 

If  ym  take  pictures  of  your  hard-working  staff  for  an  in-house  magazine,  you  might 
w  ilt  t o  make  sure  you  don't  include  any  photos  showing  whiteboards  with  people's  net- 

f*  sr  names  and  passwords.  Find  out  more  at  www.networkworld.com, 

£h)cF1  rider:  7132. 


■  TheGoodTheBadTheUgly 


<§>  “Mumbles”  the  mayor.  You  have  to  give  this  politician's  camp  points 
for  getting  ahead  of  the  tech  curve.  Boston  Mayor  Thomas  Menino  regularly  gets 
poked  fun  at  by  critics  because  of  his  mumbling  style  of  speech.  While  the  mayor 
has  actually  embraced  his  reputation  for  mumbling  to  make  him  seem  more  of  an 
everyman’s  candidate,  The  Boston  Globe  last  week  reported  that  his  camp  has  also 
gobbled  up  addresses  such  as  meninomumbles.com  just  to  make  sure  they  don’t 
fall  into  the  wrong  hands. 

w  Soccer  fans  cry  foul  over  virus.  sophosLabs  has  warned 

users,  particularly  in  Germany,  about  a  new  e-mail  worm  that  looks  like  a  free  offer 
for  2006  World  Gup  soccer  tickets.  When  the  attached  file  carried  by  the  W32/8ober- 
N  worm  is  opened  by  users,  their  machines  are  infected  and  the  worm  mass- 
mails  itself  to  other  e-mail  addresses  listed  on  the  infected  PCs.  Y 


The  Cisco  kids,  a  theft  of  computer  source  code  from  Cisco  reported 
;  a  year  ago  has  led  to  a  wide-ranging  investigation  of  potential  criminal  activity 
involving  multiple  server  break-ins  in  several  countries,  according  to  the  FBI.  Swedish 
police  recently  confiscated  computer  equipment  from  a  16-year-old  during  an 
investigation  related  to  the  Cisco  theft.  In  addition,  U.K.  police  executed  two  search 
warrants  in  September,  and  arrested  a  20-year-old  man  and  confiscated  his  computer 
equipment  before  releasing  the  suspect.  "As  a  result  of  recent  activities  that  have 
taken  place,  the  criminal  activity  appears  to  have  stopped,"  an  FBI  spokesman  says. 

Mozilla  patches  ‘extremely  critical’  Firefox  flaws 

■  The  Mozilla  Foundation  has  patched  two  “extremely  critical” security  holes  in  its  Firefox 
browser  that  were  reported  last  week.  The  flaws  have  been  patched  in  a  Firefox  1.0,4 
release,  which  was  posted  to  the  Mozilla.org  Web  site.  When  used  in  tandem,  the  two  bugs 
could  let  an  attacker  take  control  of  a  user’s  system  by  exploiting  the  way  Firefox  handles 
software  installations  from  certain  trusted  Web  sites.  The  Mozilla  Foundation  reports  54 
million  Firefox  downloads  since  the  1.0  release  in  November.  Firefox  has  6.8%  of  the  mar¬ 
ket,  according  to  WebSideStory 

Sun,  Microsoft  redux 

■  More  than  a  year  after  they  buried  the  hatchet  and  announced  a  collaboration 
agreement,  Microsoft  and  Sun  last  week  said  they  were  taking  steps  to  address  what 
Sun  called  customers’  top  request:  single  sign-on  between  Microsoft’s  Windows  Server 
and  Sun’s  Solaris  operating  system  and  Java  Enterprise  System.  Sun  and  Microsoft’s  ini¬ 
tial  work  together  has  focused  on  drafting  standards.  Last  year  they  jointly  worked  on 
two  single-sign-on  protocols;  Web  Single  Sign-On  Metadata  Exchange  and  Web  SSO 
Interoperability  Profile,  which  they  plan  to  support  in  Windows  Server  and  Java 
Enterprise  System. The  protocols  are  intended  to  enable  single  sign-on  across  domains 
using  two  different  identity  standards,  WS-Federation  and  the  Liberty  Alliance’s  Identity 
Federation  Framework. 
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NorteTs  Owens  has  his  work  cut  out 

A  year  after  taking  reins,  challenges  trump  accomplishments. 


Reversal  of  fortune 


Three  of  Nortel’s  four  business  units  experienced 
significant  declines  in  2004. 

Annual  revenue  in  millions 
Business  units 
Wireless  networks 
Enterprise  networks 
Wireline  networks 
Optical  networks 
Other 
Total 


B  BY  JIM  DUFFY 

During  his  first  year  at  the 
helm,  Bill  Owens  has  steered 
Nortel  through  perhaps  the  most 
challenging  period  in  its  110- 
year  history. 

The  company  recently  complet¬ 
ed  a  series  of  financial  restate¬ 
ments  and  now  is  emerging  from 
a  quagmire  created  by  a  massive 
accounting  scandal  that  pre¬ 
dated  Owens’  hiring  as  CEO  (he 
had  been  on  the  board  since 


2002).  Nortel  is  looking  ahead 
with  a  renewed  corporate  net¬ 
work  strategy  that  includes  an 
aggressive  campaign  to  attract 
federal  government  business  and 
is  underscored  by  the  hiring  of 
two  former  Cisco  executives  to 
top-level  positions. 

Based  on  its  most  recent  finan¬ 
cial  results,  Nortel  clearly  has  lots 
of  work  to  do.  Its  profits  plummet¬ 
ed  75%  in  the  fourth  quarter,  and 
the  company  experienced  mar¬ 
ket  share  losses  and  declining 


sales  in  LAN  switching,  wireless 
and  optical. 

Nortel,  which  expects  to  release 
first-quarter  results  later  this 
month,  declined  requests  to  inter¬ 
view  Owens.  But  during  a  recent 
conference  call  with  analysts  to 
discuss  fourth-quarter  and  full- 
year  2004  results,  he  acknowl¬ 
edged  that  last  year  was  tough. 
Owens,  who  previously  led  now- 
defunct  satellite  communications 
provider  Teledesic,  said:  “I’m  not 
happy  with  the  results  for  2004 
but  the  company  is  now  stable.” 

One  thing  Nortel  has  to  build  on 
is  its  solid  customer  base,  Owens 
said. 

“We’re  emerging  as  a  stronger 
company,  building  on  integrity 
and  ethics,”  he  added. 

Among  Owens’  accomplish¬ 
ments  as  head  of  Nortel  are: 

•  Navigating  the  company 
through  audits,  investigations  and 


1 1  We're  emerging 
as  a  stronger  com¬ 
pany,  building  on 
integrity  and 
ethics.  If 

Bill  Owens 

CEO,  Nortel 


restatements. 

•  Reorganizing  the  company 
into  carrier  and  enterprise  busi¬ 
ness  units. 

•  Naming  ex-Cisco  executives 
and  enterprise  network  industry 
veterans  Gary  Daichendt  and 
Gary  Kunis  as  president  and  COO, 
and  CFO,  respectively 

•  Maintaining  market  leader¬ 
ship  in  carrier  VoIP 

•  Acquiring  federal  systems 
integrator  PEC  Solutions  to  bet¬ 
ter  compete  on  U.S.  government 
contracts. 

•  Appointing  a  chief  compli¬ 
ance  and  ethics  officer. 

Nortel  might  be  morally 
stronger,  but  the  same  cannot  be 
said  for  its  position  in  the  market. 


The  company  remains  a  distant 
No.  2  to  Cisco  in  Ethernet  LAN 
switching.  It  lost  a  full  percentage 
point  of  share  in  2004,  to  4.7%  of 
the  $13.1  billion  worldwide  mar¬ 
ket  for  Layer  2, 3  and  4-7  switch¬ 
ing,  according  to  Dell’Oro  Group. 
In  Gigabit  Ethernet  switching, 
Nortel  forfeited  almost  two  per¬ 
centage  points,  from  7.4%  to  5.6% 
of  the  $6  billion  worldwide  mar¬ 
ket,  according  to  Dell’Oro.  Cisco 
commands  72%  of  the  Layer  2, 3 
and  4-7  Ethernet  switch  market, 
and  69%  of  the  Gigabit  Ethernet 
switch  market. 

Nortel’s  enterprise  revenue, 
which  accounts  for  24%  of  the 
company’s  annual  sales  and 
amounts  to  its  second-largest  busi¬ 
ness,  dropped  31%  in  the  fourth 
quarter  to  $651  million,  and  9%  for 
all  of  2004  to  $2.4  billion. 

Some  analysts  say  the  problem 
is  that  Nortel  doesn’t  have  the 
enterprise  “DNA,"  a  situation 
acknowledged  by  Owens  last 
summer  when  he  reorganized  the 
company 

“I’d  like  to  see  them  stop  being 
quite  so  bashful,  beat  their  chest  a 
little  bit  more  and  really  try  to 
define  themselves  as  a  major  en¬ 
terprise  vendor  instead  of  being 
happy  with  being  a  distant  No.  2,” 
says  Zeus  Kerravala,  an  analyst  at 
The  Yankee  Group. 

In  wireless  infrastructure,  which 
is  Nortel’s  biggest  business  unit 
and  accounts  for  virtually  half  of 
its  $9.8  billion  2004  revenue, 
Nortel  lost  more  than  two  per¬ 
centage  points  in  Code  Division 
Multiple  Access  (CDMA)  —  from 
21.9%  to  19.8%  of  the  $8.8  billion 
worldwide  market  in  2004,  accor¬ 
ding  to  Dell’Oro.  Nortel  also  lost 
almost  two  percentage  points  in 
the  $4.8  billion  market  for  the 
newer  Wide-band  CDMA  last  year, 
from  4.5%  to  2.8%. 

“Management  concedes  that 


the  company  has  lost  market 
share  and  that  customers  have 
been  concerned  about  the  com¬ 
pany’s  financial  difficulties, ’’stated 
UBS  Warburg  analyst  Nikos  Theo- 
dosopoulos  in  a  bulletin  on 
Nortel’s  fourth  quarter.  “We  note 
that  while  the  overall  wireless 
infrastructure  market  grew  about 
26%  in  2004,  Nortel’s  wireless  seg¬ 
ment  grew  only  10%  over  the 
same  time  frame.” 

Wireless  revenue  dropped  11% 
between  Nortel’s  third  and  fourth 
quarters.  Sales  of  wireline  equip¬ 
ment  —  which  includes  frame 
relay  and  ATM  switches  —  de¬ 
clined  19%  in  the  quarter  and  14% 
for  the  year;  and  optical  fell  28%  in 
the  quarter  and  23%  for  the  year. 

“Because  of  all  their  difficulties 
they  may  be  losing  some  ground,” 
says  Dana  Cooperson,  an  analyst 
with  RHK.  “Optical  was  always 
such  a  big  area  for  them  in  the 
past  and  they’re  having  a  little  bit 
more  trouble,  facing  a  little  bit 
more  competition  lately  in  that 
area.” 

Alcatel  and  Fujitsu  had  the 
strongest  revenue  growth  in  opti¬ 
cal  transport  in  2004,  with  29% 
and  22  % ,  respectively  according  to 
Dell’Oro.  Alcatel  is  the  revenue 
share  leader  in  this  $6.9  billion 
worldwide  market,  followed  by 
Nortel,  Lucent  and  Fujitsu. 

Nortel  also  has  been  late  ship¬ 
ping  some  key  products.  For 
example,  release  of  the  compa¬ 
ny’s  MPE  9000  multi-service  edge 
router  has  been  pushed  out  to 
mid-2005  from  late  2004.  Owens 
cited  this  delay  as  a  factor  in 
Nortel  missing  out  on  becoming 
one  of  BT’s  eight  strategic  suppli¬ 
ers  for  its  $19  billion  21st  Century 
Network  project. 

Nonetheless,  Owens  has  high 
hopes  for  2005.  Nortel  expects  to 
grow  revenue  in  the  first  quarter 
and  full  year  of  2005.  ■ 


EMC  storage  router 
to  make  debut 

■  BY  DENI  CONNOR 

EMC  this  week  is  expected  to  unveil  its  much-anticipated  storage 
router,  a  hardware  and  software  package  designed  to  optimize  use  of 
storage  resources  and  ease  the  movement  of  data  across  heteroge¬ 
neous  environments. 

The  company’s  Invista  offering,  which  EMC  officials  have  been  talk¬ 
ing  up  for  at  least  a  year,  is  set  to  debut  at  EMC’s  Technical  Summit  in 
New  Orleans.  EMC  declined  to  say  any  more  about  it  or  any  other 
new  offerings  until  this  week’s  event. 

Invista,  which  translates  into  “in  sight”  in  Italian,  is  an  out-of-band 
appliance  built  on  a  dual-node  server  cluster  that  connects  to  a  Fibre 
Channel  switch  within  a  storage-area  network  (SAN). The  appliance 
runs  software  that  inspects  every  packet  of  data  passing  from  host 
computers  through  a  Fibre  Channel  switch  to  a  storage  array  It  clas¬ 
sifies  the  data  and  assigns  it  a  unique  identifier  so  that  it  can  be  orga¬ 
nized,  tracked  and  managed  across  a  pool  of  storage  resources. 

The  storage  router  works  with  Cisco’s  MDS  9000  family  of  director- 
level  switches  and  Brocade  Communications’ Silkworm  Fabric  Appli¬ 
cation  AP7420.  It  also  will  work  with  McData’s  switches,  pending  cer¬ 
tification  from  EMC.  Invista  conforms  to  the  Fabric  Application  Inter¬ 
face  Standard,  which  features  a  common  API  for  implementing  stor¬ 
age  applications  within  a  SAN  environment. 

Invista  can  be  managed  via  a  Java-based  GUI,  command-line  inter¬ 
face  or  EMC’s  ControlCenter  software. 

Michael  Passe,  senior  storage  engineer  for  CareGroup/Beth  Israel 
Deaconess  Medical  Center  in  Boston,  says  his  team  plans  to  use  In¬ 
vista  in  conjunction  with  Cisco  MDS  9000  switches  to  virtualize  data. 
The  healthcare  outfit  has  SOT  bytes  of  data  stored  on  EMC  Symmetrix 
and  Clariion  arrays. 

EMC’s  Invista  will  compete  with  IBM’s  in-band,  fabric-based  SAN 
Volume  Controller  and  Hitachi’s  array-based  TagmaStore  array  Be¬ 
cause  Invista  delegates  I/O  processing  to  the  Fibre  Channel  switch, 
I/O  is  not  slowed,  EMC  says. The  company  says  it  expects  the  system 
to  support  30,000  to  40,000  I/Os  per  second. 

“The  fact  that  the  EMC  storage  router  doesn’t  sit  in  the  datastream  is 
key  to  scalabilitj/’  Passe  says. 

Analysts  say  the  choice  of  the  EMC  Invista  or  another  virtualization 
approach  depends  on  the  applications  a  user  wants  to  run. 

“if  you  are  looking  for  doing  volume  aggregation,  IBM’s  SAN  Volume 
Controller  or  DataCore’s  and  Falconstor’s  products  make  sense,” says 
Greg  Schulz,  an  analyst  with  Evaluator  Group. “If  you  are  looking  to 
address  things  such  as  data  movement  and  migration  and  use  an 
underlying  array,  then  the  EMC  storage  router  is  the  right  choice.” 

Invista  is  expected  to  be  priced  starting  at  about  $140,000.  ■ 
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Tools,  services  help  test  VoIP  quality 


■  BY  PHIL  HOCHMUTH 

Integrated  Research  last  week 
rolled  out  Prognosis  IP  Telephony 
Assessor  software  that  can  gener¬ 
ate  simulated  VoIP  traffic,  measure 
call  quality  and  point  out  poten¬ 
tial  network  trouble  spots. 

The  software  could  help  users 
rolling  out  IP  telephony  avoid 
costly  project  delays  and  avoid 
angering  end  users  by  identifying 
problem  areas  that  might  affect 
call  quality  before  installation. 

Meanwhile,  Empirix  is  offering  a 
similar  on-demand  VoIP  assess¬ 
ment  testing  service. 

A  recent  report  from  Deloitte  & 
Touche  says  that  poor  voice  call 
quality  and  unexpected  expenses 
from  inadequate  network  infra¬ 
structure  for  VoIP  are  issues  users 
might  run  into  if  pre-project  net¬ 
work  assessments  are  skipped. 

“Employees  are  far  less  tolerant 
of  a  malfunctioning  phone  system 
than  they  are  of  IT  breakdowns,” 
writes  Tony  Kern,  deputy  manag¬ 
ing  partner  at  Deloitte  &  Touche. 


1 3Com  to  integrate  IPS  with  switches  and  routers 


3Com  later  this  year  will  integrate  its 
intrusion-prevention  gear  with  its  net¬ 
work  equipment  in  an  effort  to  let  cus¬ 
tomers  quarantine  attacks  by  shutting 
down  switch  ports  and  redirecting  users  to 
restricted  virtual  LANs. 

The  company’s  network  switches  will 
respond  to  commands  from  its  TippingPoint 
Intrusion  Prevention  System  (IPS)  that  sits 
in-line  with  traffic,  inspecting  packets  to 
Layer  7  at  wire  speed  and  throttling  or 
blocking  suspicious  traffic.  The  IPS  will  be 
packaged  in  blades  that  plug  into  3Com 
switches  and  routers,  3Com  bought 
TippingPoint  last  year. 

With  the  new  capabilities,  the  IPS  can 
make  switches  close  ports  or  shunt  traffic 
to  secure  VLANs  to  quarantine  devices  and 


network  segments  where  worms  are  found, 
says  Kip  McClanahan,  a  president  at  3Com. 

The  capabilities  also  will  include  changing 
switch  and  router  access  lists  to  restrict 
activity  of  infected  machines  and  block  IP 
addresses.  New  software  and  hardware  will 
roll  out  over  the  next  nine  months. 

This  is  similar  to  what  other  network  ven¬ 
dors  are  planning  or  doing.  Alcatel  and 
intrusion-detection  vendors  team  up  to  use 
the  company’s  Automated  Quarantine 
Engine  in  Alcatel  switches.  Nortel's  switch¬ 
es  also  support  third-party  IDSes.  Cisco’s 
Clean  Access  software  imposes  similar 
restrictions.  Enterays's  Automated  Security 
Manager  quarantines  via  its  switches. 

3Com  still  will  sell  its  TippingPoint  gear  as 
a  device  that  can  plug  into  networks  made 


up  of  other  vendor's  gear,  McClanahan  says. 
This  puts  it  in  competition  with  other  over¬ 
lay  security  vendors  such  as  Check  Point 
Software,  Caymas  Systems,  Vernier 
Networks  and  Lockdown  Networks. 

McClanahan  says  3Com  is  tuning  its 
TippingPoint  equipment  to  support  managed 
services.  So  a  service  provider  might  install 
the  devices  in  customer  networks  and  han¬ 
dle  customers'  network  security,  he  says. 

The  company  also  will  announce  new 
TippingPoint  devices  scale  smaller  than  its 
current  offerings  to  support  networks  with 
less  traffic  as  well  as  faster  devices  for  the 
largest  backbone  networks.  The  company 
also  plans  software  upgrades  to  better 
secure  VoIP. 

—  Tim  Greene 


The  Prognosis  IP  Telephony 
Assessor  joins  Integrated  Re¬ 
search’s  current  suite  of  Prognosis 
tools.  It  runs  on  a  server  and  gen¬ 


erates  simulated  VoIP  calls,  mea¬ 
suring  the  packet  traffic  jitter  and 
packet  latency  for  the  call  streams. 
Data  that  is  collected  can  be 


turned  into  reports  that  show 
potential  problem  areas. 

For  post-installation  testing,  the 
software  also  can  be  used  to  mon- 


Sun  acquisitions  fill  out  grid  plans 


■  BY  JENNIFER  MEARS 

While  struggling  to  reinvigorate 
its  hardware  business,  Sun  contin¬ 
ues  to  focus  on  software  and  ser¬ 
vices  as  it  aims  to  change  the  way 
companies  buy  and  deploy  IT. 

The  Sun  Grid  initiative,  unveiled 
earlier  this  year  and  aimed  at 
delivering  technologies  and  ser¬ 
vices  to  users  on  a  pay-as-you-go 
basis,  is  key  to  the  effort.  A  pair 
of  acquisitions  the  company 
announced  last  week  should 
build  out  those  offerings,  and  Sun 
executives  say  more  purchases 
are  on  the  horizon. 

“Were  just  warming  up,”  says 
John  Loiacono,  executive  vice 
president  of  Sun’s  software  group. 

In  the  first  deal,  Sun  announced 
that  it  would  buy  all  of  the  intel¬ 
lectual  property  rights  to  Pro- 
corn’s  network-attached  storage 
(NAS)  technology  Sun  has  had  a 
licensing  agreement  with  Pro- 
corn  for  more  than  a  year  and 
ships  Procom’s  technology  in  its 
Sun  StorEdge  5000  family  of  NAS 
appliances.  The  $50  million  deal 
will  let  Sun  more  quickly  roll  out 
NAS  products,  and  company 
executives  indicated  the  technol¬ 
ogy  could  find  its  way  into  the 
Sun  Grid  storage  offerings. 


Eating  it  up 


Sun  hopes  acquisitions  will  help  turn  the  struggling  company  around,  it  announced 
back-to-back  deals  last  week  and  executives  say  they’re  just  getting  started.  A  look  at 
Sun’s  latest  moves: 

Technology 

Thin  client  delivery  services  for  server  apps 
regardless  of  platform. 


Network  attached  storage  technology  and 
engineering  expertise. 

Remote  system  monitoring  and  management 
for  heterogeneous  environments. 

Advanced  server  design,  focusing  on  AMD 
Opteron-based  systems.  Kealia  chief  and  Sun 
co-founder  Andy  Bechtolseim  returns. 


Company 

Mob 

Closing  date 

Tarantella 

$25  million,  cash  and 
stock 

Announced  May  10, 
expected  to  close  in 
Sun's  Q1  2006  (fall) 

Procom 

$50  million,  cash 

Announced  May  9, 
expected  to  close  in  June 

SevenSpace 

Undisclosed,  cash 

January  2005 

Kealia 

Approximmately  20 
million  shares  of 

Sun’s  common  stock 

April  2004 

The  second  deal,  with  thin 
client  firm  Tarantella,  will  beef  up 
Sun’s  Sun  Ray  thin  clients,  which 
offer  anytime,  anywhere  access  to 
its  desktop  applications.  With 
Tarantella,  Sun  will  be  able  to 
hook  into  legacy  applications, 
whether  they’re  running  on 
Windows,  Unix  or  a  mainframe. 

The  idea  is  to  be  able  to  display 
any  application  on  any  device, 
from  a  thin  client  to  a  mobile 
device,  Loiacono  says.  Today,  Sun 
partners  with  other  companies  to 
provide  that  kind  of  access,  but 


customers  must  pay  additional 
licensing  fees.  The  plan  is  to  inte¬ 
grate  Tarantella’s  Secure  Global 
Desktop  technology  into  Solaris. 

“The  bigger  picture  [with  these 
acquisitions]  is  that  we’re  build¬ 
ing  a  utility  computing  model . . . 
and  they  provide  more  possible 
services  that  we’re  going  to  inte¬ 
grate  into  the  big  Sun  Grid,” 
Loiacono  says.  “The  next  service 
you  could  see  from  us  is  display 
services,  meaning  you  can  dis¬ 
play  your  application  from  any¬ 
thing  to  anything.” 


Loiacono  wouldn’t  say  when 
such  services  would  be  available. 

Sun  needs  to  do  more  to  turn 
itself  around,  analysts  say. 

“Adding  incrementally  to  a  ser¬ 
vice-delivery  function  doesn’t 
create  a  strategic  advantage,” 
says  Joshua  Greenbaum,  princi¬ 
pal,  Enterprise  Applications 
Consulting.  “They  are  incremen¬ 
tal  little  pieces  that  Sun  is 
adding  to  its  portfolio. . . .  Their 
stock  is  abysmally  low  and  noth¬ 
ing  they’ve  done  recently  has 
helped  improve  that.”B 


itor  call-quality  levels  on  an  ongo¬ 
ing  basis.The  system  can  be  set  up 
to  alert  users  if  call  quality  falls 
below  an  acceptable  threshold. 
The  software  is  certified  to  work 
with  Cisco  AWID  architecture 
VoIP  products. 

Users  looking  to  rent  these 
kinds  of  capabilities  can  choose 
Empirix’s  Hammer  On-Call  ser¬ 
vice.  This  provides  access  to 
Empirix’s  VoIP  testing  hardware 
—  used  by  carrier-class  telecom 
gear  makers  —  on  a  per-use 
basis.The  service  can  be  used  to 
test  network  equipment  perfor¬ 
mance  under  heavy  loads  of 
VoIP  traffic.  It  also  can  test  the  IP 
traffic,  examining  VoIP  signal- 
ing/call  setup  streams  and  con¬ 
versation  streams  and  measuring 
the  call  quality  based  on  a  simu¬ 
lated  mean  opinion  score  data,  a 
scale  for  measuring  voice  quality 
in  the  voice  telecom  equipment 
industry 

The  Hammer  On-Call  service 
can  generate  simulated  H.323, 
Media  Gateway  Control  Protocol 
and  Session  Initiation  Protocol 
VoIP  protocol  conversations  as 
well  as  simulating  hybrid  IP/TDM 
network  traffic.  Reports  also  can 
be  created  that  show  graphical 
test  call  flow  charts. 

Products  similar  to  the  Empirix 
service  and  Integrated  Research 
software  include  VoIP  assessment 
tools  from  Agilient,  ClearSight, 
Fluke  Networks,  NetlQ,  Telchemy 
and  WildPackets. 

Pricing  for  the  Prognosis  soft¬ 
ware  and  Hammer  On-Call  ser¬ 
vice  is  provided  on  a  per-cus- 
tomer  basis.  ■ 
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A  look  ahead 


A  panel  of  robotics  experts  predicts  that  10  to  15  years 
from  now  there  will  be  significant  product  sales  in  the 
following  areas: 


The  Pyxis  HelpMate  is  a 
robotic  courier  used  in 
hospitals. 


Homeland  security 


Toys/entertainment 
Space  exploration 
Household  service 


92% 


92% 


83% 


75% 


75% 


Hazardous  waste/environment  67% 


(Percentage  of 
panel  agreeing) 


Robots 

continued  from  page  1 

Cambridge,  Mass.  Now  retired, 
“the  father  of  robotics,”  spoke  to 
an  overflow  crowd,  exhorting 
the  audience  of  young  entrepre¬ 
neurs  to  make  his  dream  of  an 
elder-care  robot  (which  he  first 
wrote  about  in  1989)  a  reality 
“Please,  let’s  do  it,”  he  said. 

Today  you  can  count  the  num¬ 
ber  of  successful  consumer 
products  on  one  robotic  hand. 
There  are  the  robot  vacuum 
cleaners  —  Roomba  is  the  most 
popular,  with  sales  of  1.2  million 
units.  And  there’s  Robosapien.a 
$100  toy  humanoid  robot  made 
by  Hong  Kong-based  WowWee 
(not  to  be  confused  with 
Chinese  networking  vendor 
Huawei)  that  walks,  dances, 
burps  and  moves  its  arms. 

Engelberger  seemed  dismayed. 
He  dismissed  the  toy  robot  out 
of  hand. “I  don’t  think  walking 
has  anything  at  all  to  do  with 
robots.  And  it  doesn’t  have  to 
look  like  a  human.  It  needs  to 
have  a  purpose,”  he  said. 

He  wasn’t  all  that  impressed 
with  Roomba,  a  low,  round 
appliance  that  can  get  under 
couches  and  attack  dust  bun- 
nies.“You  get  one  for  your  moth- 
er-in-law,  sit  around,  have  a  few 


drinks,  get  some  laughs  and  put 
it  away  in  the  closet,”  he  said. 

Bits  vs.  atoms 

Engelberger  and  others  at  the 
show  drew  a  sharp  contrast 
between  the  explosive  growth  of 
the  computer  industry  over  the 
past  few  decades  and  the  rela¬ 
tive  stagnation  of  the  robotics 
field.  While  venture  capitalists 
were  lining  up  to  fund  computer 
start-ups,  Engelberger,  despite 
his  impressive  resume,  was 
unable  to  get  financing  for  his 
robot  that  would  help  people 


live  at  home  rather  than  go  into 
a  nursing  home. 

The  robotics  industry  today  is 
about  as  far  along  the  road  to 
widespread  commercial  accep¬ 
tance  as  the  PC  industry  was  in 
the  1970s. The  differences  are  that 
robotics  don’t  have  an  equivalent 
of  Moore’s  Lavy  the  industry  has¬ 
n’t  settled  on  standards,  there’s 
not  much  in  the  way  of  venture 
capital  money  and  there’s  really 
no  viable  commercial  applica¬ 
tion  —  killer  or  otherwise,  said 
Paolo  Pirjanian,  chief  scientist  at 
Evolution  Robotics. 


On  the  show  floor,  several  ven¬ 
dors  displayed  small  demo 
robots  that  used  sensors  to  navi¬ 
gate  the  show  floor  —  literally 
technologies  in  search  of  an 
application.  Unfortunately  the 
economics  are  such  that  it’s 
extremely  difficult  to  build  a  true 
robot  that  can  interact  with  its 
environment  at  a  cost  that  would 
attract  consumers,  Pirjanian  said. 

The  vacuum  cleaner  is  a  good 
example.  Electrolux  tried  to 
market  a  robotic  vacuum 
cleaner  called  Trilobite  that 
uses  ultrasound  to  get  around, 
but  at  $1,800  consumers  weren’t 
biting. The  Roombas  and  e-Vacs 
are  affordable  —  between  $150 
and  $250  —  but  they  lack  the 
sophisticated  capabilities  that 
one  would  want  in  a  robotic 
vacuum  cleaner,  such  as  obsta¬ 
cle  avoidance,  the  ability  to  go 
up  and  down  steps,  and  the 
ability  to  know  where  it  had 
already  vacuumed. 

“Is  there  a  robot  in  your 
future?”  Pirjanian  asked  “Yes,  but 
we  need  to  redefine  the  stereo¬ 
type  of  the  robot  that 
Hollywood  has  created  for  us.” 
Robotic  technology  will  be 
embedded  in  other  products,  he 
predicted,  adding  that  we  won’t 
see  stand-alone,  multi-function 
robots  anytime  soon. 


That’s  not  to  say  there  wasn’t  a 
serious  buzz  of  excitement  at 
the  show.  Helen  Greiner,  who  co¬ 
founded  iRobot  15  years  ago 
when  she  was  23,  is  leading  the 
charge  for  the  next  generation 
of  robotics  pioneers.  Her  com¬ 
pany  sells  the  Roomba  and  the 
PackBot,  a  ruggedized,  25- 
pound,  tank-like  robot  that  can 
fit  in  a  soldier’s  backpack  and 
can  be  tossed  into  a  building, 
for  example,  where  its  video 
camera  will  search  for  the  pres¬ 
ence  of  enemy  soldiers. 
Individual  PackBots  are  being 
used  in  Afghanistan  and  Iraq  to 
search  inside  caves  and  other 
dangerous  places,  and  Greiner 
said  the  next  step  would  be  to 
use  swarms  of  networked 
PackBots  to  search  an  area  for 
enemy  soldiers,  mines  and 
chemicals. 

Richard  Lepack,  CEO  of 
Frontline  Robotics,  said  small, 
specialized  robots  could  be 
used  for  physical  security,  to 
patrol  the  perimeter  of  a  com¬ 
mercial  airport  or  to  keep  tabs 
on  what’s  happening  inside  a 
bank  at  night,  for  example. 

Greg  Doherty  director  of  prod¬ 
uct  and  market  development  at 
John  Deere,  said  the  farm  equip¬ 
ment  maker  is  interested  in 
building  unmanned  vehicles  that 
use  GPS  to  run  farm  equipment 
along  precise  paths.The  compa¬ 
ny  also  is  working  with  iRobot  to 
build  an  unmanned  military 
vehicle  that  is  expected  to  go 
into  early  production  in  2006. 

But  Doherty  pointed  out  that 
there  are  huge  technological 
barriers  to  overcome.  For  exam¬ 
ple,  in  early  trials  of  a  robotic 
lawn  mower,  Deere  found  that 
the  robot  perceived  tall  grass  as 
a  brick  wall.  He  said  that  tech¬ 
nologies  like  real-time  modeling 
of  the  environment,  the  ability  to 
manipulate  objects,  the  ability  to 
avoid  obstacles  and  voice 
recognition  simply  aren’t  there 
yet  and  won’t  be  for  decades. 

Bottom  line:  If  you’re  looking 
for  R2-D2,  check  out  the  next 
Star  Wars  movie.  ■ 


Vendors  automate  server  management 


■  BY  DENISE  DUBIE 

A  pair  of  vendors  this  week  separately  plan 
to  announce  products  designed  to  help 
automate  the  oversight  of  constantly  chang¬ 
ing  server  networks. 

Heroix  is  set  to  release  its  Longitude  sys¬ 
tems  management  package,  while  Opsware 
issues  Version  5. 1  of  its  Server  Automation 
Systems  (SAS)  package. 

“Management  tools  used  to  be  built  on  the 
assumption  that  the  systems  and  applica¬ 
tions  weren’t  going  to  change  much,”  says 
Jasmine  Noel,  principal  analyst  at  Ptak,  Noel 
&  Associates. 

“Now  changes  are  constant  and  manage¬ 
ment  tools  must  automatically  handle 
those  changes  in  more  advanced  environ¬ 
ments  such  as  [Java  2  Platform  Enterprise 
Edition] ,  .Net”  or  services-oriented  architec¬ 
tures,  she  says. 

In  unveiling  Longitude,  Heroix  abandons 
its  previous  use  of  management  agents  and 
replaces  it  with  automated  performance 
monitoring  across  server  platforms,  operat¬ 
ing  systems  and  applications.The  software  is 
installed  on  a  dedicated  server  and  makes 
use  of  industry-standard  APIs  to  collect  data 
from  managed  machines. 

fony  Castaldo,  IT  manager  at  Boston  Sand 
and  Gravel,  says  Longitude’s  status  dash¬ 


board  quickly  tells  him  if  any  of  the  20  or  so 
servers  scattered  across  New  England  need 
attention. 

He  installed  the  product  a  few  months  ago 
after  ruling  out  Ipswitch’s  WhatsUp  Gold 
because  of  a  lengthier  deployment  time.  He 
says  with  Longitude,  he  can  better  plan  his 
workday  around  server  health  across  distrib¬ 
uted  locations. 

“We  are  short-staffed  in  the  IT  department, 
so  I  have  the  product  set  up  to  let  me  know 
ahead  of  time  of  upcoming  problems,” 
Castaldo  says.  “It’s  crucial  for  me  to  know 
quickly  where  I  stand.” 

The  product  can  be  used  to  monitor  more 
than  250  performance  metrics  and  generate 
125  reports  on  system  health.  IT  managers 
set  up  role-based  administration  and  log  on 
to  the  Web-based  interface  from  any  loca¬ 
tion  to  check  performance  with  a  user  ID 
and  password. 

The  lack  of  agents  could  limit  the  amount 
of  remote-control  or  remediation  capabili¬ 
ties  an  IT  manager  would  have  over  a 
machine,  Noel  says,  but  the  software  can  pro¬ 
vide  access  to  performance  statistics  that 
would  help  resolve  problems. 

Longitude  costs  $300  to  $600  per  server, 
depending  on  the  platforms  and  operating 
systems  monitored.  Site  licenses  for  J2EE 
users  cost  about  $3,000. 


New  from  Opsware 

Separately,  Opsware  is  expected  to  debut  a 
feature  called  ExpressAutomation  in  the  lat¬ 
est  version  of  SAS. 

The  feature  lets  IT  managers  auto-discover 
their  server  environment  and  automatically 
distribute  agents  to  the  machines  to  be 
managed.  SAS  5.1  loads  onto  a  dedicated 
server,  which  can  be  used  to  conduct  con¬ 
figuration  and  maintenance  on  a  one-to- 
many  basis. 

Also  with  this  release,  Opsware  has  included 
a  Compliance  Automation  feature  designed 
to  help  systems  administrators  keep  servers 
and  the  software  patches  and  applications 
running  on  them  in  line  with  pre-defined 
policies. 

“Opsware  can  automatically  apply  policies 
written  once  about  Oracle,  for  example, to  all 
systems  running  Oracle,”  says  Tim  Howes,  the 
vendor’s  CTO. 

Set  for  availability  in  June,  SAS  5.0  costs 
about  $1,200  per  managed  server.  ■ 
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Correction 


■  The  story  “Unplug  and  play: 
Uniting  mobile  devices,  PBXs” 
(May  9,  page  30)  should  have 
paraphrased  Ascendent  Vice 
President  of  Marketing  Walt 
Blomquist  as  saying  there  is 
$50  billion  to  $100  billion 
invested  in  installed  PBXs  in  the 
world. 
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Extortion 

continued  from  page  1 

reluctant  to  acknowledge  the 
attacks  or  enlist  the  help  of  law 
enforcement,  resulting  in  limited 
awareness  of  the  problem  and 
few  prosecutions. 

Extortion  is  “becoming  more 
commonplace,”  says  Ed  Amoroso, 
chief  information  security  officer 
at  AT&T.  “It’s  happening  enough 
that  it  doesn’t  even  raise  an  eye¬ 
brow  anymore.” 

“In  the  past  eight  months  we 
have  seen  an  uptick  with  the 
most  organized  groups  of  attack¬ 
ers  trying  to  extort  money  from 
users,”  says  Rob  Rigby  director  of 
managed  security  services  at 
MCI. “We  try  to  do  our  best  to  get 
[customers]  through  it,  but  we 
leave  it  up  to  them  to  bring  such 
attacks  to  the  attention  of  law 
enforcement.” 

While  MCI  has  been  asked  to 
help  with  prosecutions  in  other 
cybercrime  cases,  Rigby  says  he 
does  not  recall  a  service  provider 
being  subpoenaed  in  a  distrib¬ 
uted  DoS  extortion  case. 


Quantifying  the  extortion  prob¬ 
lem  is  difficult  because  the  FBI, 
ISPs  and  third-party  research  firms 
can’t  provide  figures  on  the  num¬ 
ber  of  distributed  DoS  attacks  that 
include  demands  for  money 

The  FBI  aggressively  works 
daily  on  cases  involving  distrib¬ 
uted  DoS  attacks  and  extortion, 
says  bureau  spokesman  Paul 
Bresson. 

“Almost  all  of  them  have  an  in¬ 
ternational  connection,”  he  says. 
“There  aren’t  many  cases  where 
people  doing  this  are  from  the 
U.S,  and  many  times  it  is  a  juve¬ 
nile  subject  to  the  laws  of  another 
country’ 

Bresson  says  such  cases  have 
been  prosecuted,  although  he 
was  unable  to  cite  any  The  FBI 
continues  to  encourage  compa¬ 
nies  to  report  this  crime  to  law 
enforcement,  he  says,  yet  “we 
understand  there’s  a  reluctance 
io  do  so.” 

Art  indeterminable  number  of 
victims  are  choosing  to  meet  the 


demands  of  extortionists  rather 
than  turn  to  law  enforcement  for 
fear  of  negative  publicity  The  law 
does  not  prohibit  paying,  says 
Kathleen  Fbrter,  an  attorney  at 
Robinson  &  Cole  in  Boston,  who 
has  extensive  experience  with  e- 
commerce  and  Internet  law. 

“It’s  illegal  to  make  the  demand, 
but  it’s  not  illegal  for  companies 
to  pay  to  make  the  attacks  go 
away  It’s  analogous  to  ransom,” 
Porter  says  “It’s  something  compa¬ 
nies  are  doing  because  the  cost 
of  denial-of-service  attacks  are  so 
expensive.” 

“The  problem  is  if  companies 
keep  paying,  the  attacks  will  con¬ 
tinue,”  she  says. 

Even  those  who  don’t  pay  and 
instead  work  with  their  service 
provider  to  mitigate  an  attack  are 
leery  about  reporting  the  crime. 

“It’s  still  taboo  for  users  to  talk 
about  these  attacks,”  Rigby  says. 
“Users  worry  that  just  coming 
under  attack  can  damage  their 
brand.” 

Companies  are  not  required  by 
law  to  report  these  crimes,  Porter 
says,  and  she  suspects  a  fear  of 


being  sued  over  the  conse¬ 
quences  an  attack  might  pose  to 
one’s  customers  contributes  to 
the  reticence  of  many  to  do  so. 

“We’ve  had  [extortion  attempts] 
happen  to  our  customers,”  says 
Bruce  Schneier,  CTO  at  managed 
security  services  provider 
Counterpane  Internet  Security. 
“More  often  than  I’d  like,  they’re 
paying  up.”  Counterpane  offers 
anti-distributed  DoS  services,  he 
adds,  but  they  “aren’t  cheap.” 

Anti-distributed  DoS  services 
cost  around  $12,000  per  month 
from  carriers  such  as  AT&T  and 
MCI,  says  John  Pescatore,  Gartner 
security  analyst.The  most  popular 
type  of  anti-distributed  DoS  equip¬ 
ment  used  by  service  providers  is 
Cisco’s  Riverhead  gear  and  Arbor 
Networks’  detection  tools.  This 
equipment  can  filter  about  99%  of 
the  attack  traffic,  he  says,  although 
sometimes  network  response 
times  drop  by  a  few  seconds. 

Gartner  advises  clients  not  to 
pay  extortion  demands,  but  some 


have  nonetheless  dropped  hun¬ 
dreds  of  thousands  of  dollars  into 
Swiss  or  Cayman  Island  bank 
accounts  controlled  by  criminals, 
Pescatore  says.  “We  tell  them 
they’re  better  off  going  to  AT&T 
and  MCI  for  anti- [distributed] 
DoS  protection,”  he  adds. 

However,  when  a  business 
needs  multiple  service  providers 
for  backup  and  bandwidth,  the 
cost  for  obtaining  anti-distributed 
DoS  services  from  each  can  be 
seen  as  prohibitive. “So  they  think 
it’s  the  same  amount  of  money 
either  way  the  service  provider  or 
the  extortionist,”  he  says. 

One  company  that  refused  to 
pay,  Authorize.Net,  also  went 
public  about  its  attack.  Last  fall, 
the  Bellevue,  Wash.,  payments- 
processing  firm  that  authorizes 
credit-card  transactions  for 
more  than  114,000  merchants, 
had  its  Internet-based  service 
disrupted  by  extortionists  de¬ 
manding  payment  to  cease  a 
massive  distributed  DoS  attack. 
Authorize.Net  issued  a  state¬ 
ment  apologizing  for  the  inter¬ 
mittent  disruption  in  its  service 
and  spoke  out  about  the  extor¬ 
tion  demands. 

“Today  we’ve  not  yet  seen  a  suc¬ 
cessful  apprehension  of  anyone 
involved,”  says  Roy  Banks, 
Authorize.Net  president  “As  a  pay¬ 
ment-processing  platform  ser¬ 
vice,  we’re  prepared  in  dealing 
with  these  threats  all  the  time.  We 
see  them  regularly’ 

His  company  has  seen  “de¬ 
mands  from  $10,000  to  several 
millions,”  Banks  says.  Authorize. 
Net’s  policy  is  not  to  pay“We  typi¬ 
cally  engage  law  enforcement 
immediately,"  he  says. 

As  for  protecting  his  company 
against  future  attacks? 

“We’ve  invested  in  [distributed] 
DoS  equipment,”  says  Banks,  who 
declined  to  divulge  exactly  what 
that  would  be,  saying  he  worries 
that  might  only  help  attackers.“It’s 
a  combination  of  hardware  and 
software,  both  commercial  and 
proprietary’ 

Vendors  such  as  Mazu  Net¬ 
works,  Captus  Networks  and 
Arbor  have  products  focused  on 
mitigating  distributed  DoS  attacks. 

Banks  says  an  important  aspect 
of  distributed  DoS  defense  is 
completing  service-level  agree¬ 
ments  with  Web  hosting  and 
bandwidth  providers  to  create  a 
“framework  of  cooperation.” 

There  are  a  few  ways  these 
attacks  get  started.  In  some  cases 
businesses  receive  a  threatening 
e-mail  or  phone  call  stating  if 
they  do  not  meet  certain 
demands  they  will  be  victimized 
by  a  distributed  DoS  attack.  Most 


fcl  It's  happening  enough 
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%  Chief  information  security  officer,  AT &T 


Handling  distributed 
DoS  extortion 

Before  an  attack 


Deploy  distributed  DoS 
mitigation  tools. 

Subscribe  to  a  managed 
distributed  DoS 
mitigation  service. 

Fashion  a  service-level 
agreement  that  specifies 
how  service  providers 
should  react  to  an  attack. 

Coordinate  a  standard 
response  to  attacks 
between  business,  IT  and 
legal  departments. 

During  an  attack 


Contact  your  Web  hosting 
provider  and  ISP. 

Launch  mitigation  efforts 
per  plan. 

Contact  law  enforcement. 

After  an  attack 


Have  service  provider  give 
law  enforcement  a  detailed 
account  of  the  attack. 

Enact  "before”  tips  if  not 
already  implemented. 


often,  the  distributed  DoS  attack 
begins  and  then  the  business  is 
contacted. The  perpetrator  some¬ 
times  stops  an  attack  after  10 
minutes  or  so  and  then  contacts 
the  company  saying  if  it  doesn’t 
wire  money  to  a  specific 
account  the  extortionist  will 
resume  the  attack. 

Experts  say  the  demands  can  be 
$100,000  or  more,  but  some  crimi¬ 
nals  ask  for  smaller  amounts. 

AT&T’s  Amoroso  says  the  extor¬ 
tionists  “want  to  make  it  real  easy 
for  someone  to  pay . .  .Think  about 
it,  if  you’re  getting  pounded  and 
all  you  have  to  do  is  fork  over 
$6,000  to  this  account  and  every¬ 
thing  will  be  fine,  it  seems  easy? 

Countering  the  crime  spree  is 
likely  to  prove  more  difficult,  and 
some  say  it  will  take  an  increased 
willingness  on  the  part  of  victims 
to  go  to  the  authorities. 

“There’s  been  a  certain  laggard¬ 
ness  in  addressing  this  at  a  more 
formal  level,”  Authorize.Net’s 
Banks  says.  Speaking  out  might 
help  raise  awareness  that  ven¬ 
dors,  online  businesses  and  law 
enforcement  need  to  work 
together  more  closely  to  catch 
the  extortionists.  “This  involves 
countries  outside  the  U.S.,too,so 
we  should  really  be  dealing  with 
it  internationally  ■ 
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Billions  of  times  each  day,  the  world  interacts  with  a  company  you  may  not 
realize  is  there.  One  that  is  driving  dynamic  transformations  at  the  very 
core  of  commerce  and  communications.  VeriSign.  Through  our  Intelligent 
Infrastructure  Services,  we  enable  businesses  and  individuals  to  find, 
connect,  secure,  and  transact  across  today’s  complex  Internet,  telecom, 
and  converged  networks. 

We  operate  the  systems  that  manage  .com  and  .net,  handling  14-billion 
Web  addresses  and  emails  every  day.  We  run  one  of  the  largest  telecom 
signaling  networks  in  the  world,  enabling  services  such  as  cellular  roaming, 
text  messaging,  caller  ID,  and  multimedia  messaging.  We  manage  network 
and  user  security  for  over  3,000  global  businesses  and  400,000  Web  sites. 
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And  we  handle  over  30  percent  of  all  e-commerce  transactions  ip  North 
America,  processing  $100-million  in  daily  sales.  As  next-generation  net¬ 
works  emerge  and  converge,  VeriSign  will  be  there,  deploying,  the 
Intelligent  Infrastructure  Services  necessary  for  everything  from  RFID-  ,  ;.;: 
enabled  supply  chains  to  inter-enterprise  VoIP  to  mobile  and  tichr.Ynedia 


enabled  supply  chains  to  inter-enterprise  VoIP  to  mobile  and' 
content  distribution.  -'Xi 
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Whether  you're  a  telecom  carrier  looking  to  rapidly  deploy  nevy  services:  a 
Fortune  500  enterprise  needing  comprehensive,  proactive- security  services: 
or  an  e-commerce  leader  wanting  to  securely  process  oavmehfe'^%; reduce 

fraud,  we  can  help.  We’re  VeriSign.  Where  it  all  comes 
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Where  IP  and  telecom  unite. 
Where  security  is  offensive,  not  defensive. 
Where  e-commerce  is  safe  commerce. 
Where  content  is  mobile  and  personal. 

Where  infrastructure  is  more  intelligent. 


€>  2004  VeriSign.  Inc  All  rights  reserved  VeriSign,  the  VeriSign  logo.  “Where  it  all  comes 
together."  and  other  trademarks,  service  marks,  and  designs  are  registered  or  unregistered 
trademarks  of  VeriSign  and  its  subsidiaries  in  the  United  States  and  in  foreign  countries 
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Download  now:  Free  white  paper  on  Intelligent  Infrastructure  Services 
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continued  from  page  1 

achieved  in  its  five-year  renova¬ 
tion  plan  and  the  compelling  re 
turns:  The  company  has  eliminat¬ 
ed  $1  million  in  costs  and  within 
two  years  expects  further  VoIP  de 
ployments  to  save  another  million 
per  year. 

Ranked  344  on  the  Fortune  500 
with  revenue  of  $5.8  billion,  PPL  is 
a  multinational  energy  company 
based  in  Allentown,  Pa.,  with  100 
locations  in  Pennsylvania,  Mon¬ 
tana,  Illinois  and  spots  along  the 
Eastern  Seaboard. 

David  Stever,  manager  of  com¬ 
munication  technology  services, 
says  the  company’s  network  sup¬ 
ports  some  1 1 ,000  nodes,  and  the 
centralized  information  services 
department  provides  IT  services, 
including  network  and  telecom, 
for  all  domestic  subsidiaries  and 
locations. 

Private  rings 

In  the  early  1990s,  PPL  linked  15 
of  its  major  Pennsylvania  loca¬ 
tions  with  a  private  SONET  ring 
that  the  company  built  to  monitor 
and  control  substations  by  string¬ 
ing  fiber  along  its  power  transmis¬ 
sion  towers. 

“By  the  mid-90s,  enough  of  the 
SONET  was  completed  so  we 
started  to  look  at  the  ring  as  a  way 
to  eliminate  carrier  charges,” 
Stever  says.“In  1997  we  put  an  OC- 
3  ATM  backbone  on  top  of  it.” 

Switched  Multimegabit  Data 
Service  (SMDS)  from  what  was 
then  Bell  of  Pennsylvania  was 
used  to  connect  the  SONET  back¬ 
bone  to  65  smaller  locations, 
which  included  everything  from 
power  company  garages  and 
crew  quarters  to  parts  depots. 
“SMDS  was  extremely  cost  effec¬ 


tive,”  Stever  says. 

Out-of-state  locations  were  tied 
in  using  a  mix  of  T-ls  and  frac¬ 
tional  T-ls.  When  PPL  acquired  an 
operation  in  Montana  in  1999,  for 
example,  three  T-ls  were  run  to 
the  largest  facility  there  and  a 
frame  cloud  was  used  to  pick  up 
12  surrounding  locations. 

Lessons  learned  in  the  integra¬ 
tion  of  the  Montana  facilities 
would  ultimately  guide  some  of 
the  thinking  for  the  current  net¬ 
work  renovation,  which  began 
in  2003. 

“When  we  bought  plants  in 
Montana  and  had  to  tie  them  to 
our  backbone,  convergence  was 
very  clearly  the  answer  on  the 
trunk  side  given  the  remoteness 
and  relative  lack  of  service  pro¬ 
viders,”  Stever  says.“It  was  the  only 
cost-effective  solution.  And  to  sup¬ 
port  that  we  had  to  come  up  with 
the  beginnings  of  a  QoS  scheme.” 

The  experience  left  the  team 
convinced  “the  day  for  conver¬ 
gence  would  come  and  we  better 
start  preparing  for  when  it  would 
be  appropriate  for  the  rest  of  the 
network,”  he  says. 

As  it  turns  out,  they  didn’t  have 
to  wait  long. 

The  SONET  ring  was  getting 
long  in  the  tooth,  but  what  really 
started  the  ball  rolling  was  Bell  of 
Pennsylvania’s  announcement  of 
doing  away  with  SMDS  in  2004. 

“SMDS  was  cost  effective  and 
we  went  out  with  a  [request  for  in¬ 
formation]  not  knowing  what  to 
expect. Would  a  replacement  cost 
more,  or  could  we  expect  to  get 
more  for  less?”  Stever  says. 

It  soon  became  apparent  that 
PPL  could  use  newer  and  less- 
complex  technology  to  provide 
cost  savings  while  maintaining  or 
improving  the  level  of  service 
offered  to  users,  Stever  says.“Once 


we  figured  we  could  pay  less,  we 
saw  we  could  hand  some  of  the 
money  back  to  the  business  but 
reinvest  a  good  majority  to  pre¬ 
pare  for  convergence.” 

Stever  found  the  SMDS  replace¬ 
ment  in  his  hip  pocket.  In  2000, 
PPL  had  created  a  carrier  called 
PPL  Telecom  to  offer  services 
using  some  of  the  company’s  own 
fiber  and  still  other  facilities  it  built 
or  bought.  And  the  carrier  now 
could  reach  the  SMDS  locations 
with  an  optical  Ethernet  service. 

“So  instead  of  having  to  put  a 
router  with  a  T-l  interface  and  a 
DSU/CSU  at  each  remote  location 
like  we  used  to,  they  hand  us  off 
an  Ethernet  connection,”  he  says. 

Some  locations  got  a  full  10M 
bit/sec  Ethernet  pipe,  while  others 
got  T-l  equivalents.  At  least  one- 
third  of  the  locations  migrated 
from  a  single  T-l  to  3M  bit/sec  con¬ 
nection.  “All  locations  got  more 
bandwidth,  some  marginally 
faster,  most  of  them  significantly 
faster]’  Stever  says.  At  the  other 
end,  traffic  is  delivered  to  PPL’s 
data  centers  via  multiple  100M 
bit/sec  pipes.  The  SMDS  migra¬ 
tion  was  completed  last  July. 

All  of  it  was  built  out  with  QoS- 
capable  equipment.  “When  we 
planned  out  the  SMDS  and 
SONET  networks  we  addressed 
QoS, we  made  sure  we  were  ready 
for  that  phase  when  it  would 
come,”  Stever  says.  That  included 
replacing  shared-media  equip¬ 
ment  with  QoS-capable  switches, 
and  installing  Power  over  Ether¬ 
net  capabilities  for  locations 
where  IP  phones  would  be  in¬ 
stalled  over  the  coming  years. 

The  other  half  of  the  data  net¬ 
work  renovation  is  the  SONET 
overhaul, which  is  still  in  progress. 
That  project  involves  upgrading 
the  aging  equipment  on  the  OC- 


Energizing  the  network 

PPL,  a  Fortune  500  energy  firm,  turns  to  optical  Ethernet,  VoIP  in  sweeping  overhaul. 


T-1/fractional  T-1  to  remote  locations, 
many  Inks  supporting  VoIP  trunking. 


Network-wide  QoS  supports 
VoIP,  l 


lIfeD 


Ethernet  MAN  delivers  more 
bandwidth  to  smaller  locations, 
replacing  Switched  Multimegabit 
Data  Service.  Tied  to  data  center 
via  multiple  100M  bit/sec  pipes. 


SONET  backbone  upgrade 
adds  optical  Ethernet  support 
for  17  mqjor  locations. 
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VoIP  replaces  7,000  lines  of 
Centrex,  saving  $1  million 
annually.  Further  VoIP 
migration  expected  to  generate 
another  $1  million  annually. 
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Renovator  pri 

Name: 

9file 

David  Stever 

Company/Title: 

PPL,  manager, 
communication  tech¬ 
nology  services 

V  ***** 

Job  responsibility: 

All  voice,  data  and  other 
communications  systems 
operations. 

For  domestic 

Size  of  team: 

60 

Job  tenure: 

21  years 

Project  duration: 

30  months 

Crowning  project 
achievement: 

$2  million  in  projected  savings  per  year 
through  convergence. 

Interests  outside 
of  work: 

Restoring  classic  automobiles,  nature 
photography,  performing  classical  music. 

48  ring  to  support  optical  Ether¬ 
net  ports  and  adding  two  ring 
locations  to  bring  the  total  to  17. 

Why  keep  SONET  at  all?  “We 
have  a  lot  of  legacy  applications 
that  still  need  some  of  the  tradi¬ 
tional  telephony  interfaces,” 
Stever  says.  “And  we  haven’t  fully 
converted  to  IP  PBX  trunking,  so 
we  have  a  lot  of  trunking  that 
happens  across  SONET.” 

Another  benefit  of  keeping 
SONET  vs.  going  directly  to  Ether¬ 
net  over  fiber  is  the  built-in 
SONET  protection.  “If  we  have  a 
fiber  cut  or  equipment  outage, 
instead  of  failing  over  at  Layer  2  or 
3  like  the  IP  equipment  would, 
SONET  can  recover  in  millisec¬ 
onds,  quick  enough  so  we  never 
even  see  it  from  a  Layer  2-3  per¬ 
spective,”  Stever  says.  “The  protec¬ 
tion  is  all  transparent.” 

“PPL’s  phased  approach  to  con¬ 
vergence  is  in  line  with  industry 
best  practices,”  Renovator  Award 
judge  Johnson  says.“It’s  important 
to  start  by  assessing  the  infrastruc¬ 
ture,  determining  key  require¬ 
ments  and  providing  appropriate 
QoS.  By  taking  a  holistic  approach 
to  next-generation  architecture, 
PPL  has  been  able  to  align  its 
infrastructure  with  its  business 
priorities.” 

PPL  expects  to  have  its  new 
Nortel  Optera  3500  SONET  gear  in 
place  by  June  and  cut  over  by 
year-end,  replacing  the  current 
Lucent-based  infrastructure.  Be¬ 
sides  the  traditional  telephony 
interfaces,  the  3500s  support  10M, 
100M  or  Gigabit  Ethernet  inter¬ 
faces.  “For  the  most  part  we’ll  use 
100M  bit/sec  ports,”  Stever  says. 

Convergence:  Org  first 

Stever  says  the  transformation  of 
the  data  network  will  ultimately 
improve  availability  and  perfor¬ 


mance,  while  reducing  overall 
costs  by  10%  to  15%.  Even  more 
substantial  returns  are  coming 
from  convergence,  which  PPL  is 
addressing  in  both  organizational 
and  technologic  terms. 

Working  with  VoIP  in  Montana 
showed  the  technology  was 
ready,  “but  it  also  showed  that  if 
we  tried  to  implement  it  on  a 
large  scale  with  separate  voice 
and  data  organizations  it  was 
pretty  much  doomed  to  failure,” 
Stever  says. 

So  he  combined  the  voice,  data, 
operations,  development  and 
radio  groups  into  Communica¬ 
tion  Technology  Services,  then 
carved  that  up  into  three  groups: 
operations,  network  infrastructure 
design  and  communications  ser¬ 
vices  design.Total  head  count  for 
the  three  groups  is  60. 

Network  infrastructure  deals 
with  the  physical  network  design, 
the  SONET  system,  IP  connectivity, 
optical  systems  and  circuit  pro¬ 
curement  and  management.  Com¬ 
munications  services  handles 
messaging  and  collaboration, 
e-mail,  voice  mail  and  unified 
messaging,  as  well  as  data  service 
issues  such  as  address  manage¬ 
ment,  Active  Directory  videocon¬ 
ferencing  and  network  security. 
The  operations  group  runs  it  all. 

“It  worked  out  really  really  well,” 
says  Stever,  who  has  been  invited 
to  talk  about  the  experience  at 
conferences. 

With  the  QoS  architecture  laid 
out  and  the  data  network  over¬ 
haul  under  way  PPL  started  pilot¬ 
ing  VoIP  in  earnest  in  2003. 

The  company  installed  a  Nortel 
Meridian  81c  IP-enabled  PBX  in 
headquarters,  which  had  enough 
capacity  for  the  facility’s  5,000 
lines  but  initially  only  supported 
See  Renovator,  page  52 


THE  WORLD'S  MOST  POWERFUL  EMAIL  SECURITY  APPLIANCE 


THE  IRONPORT  C-SERIES 
WITH  VIRUS  OUTBREAK  FILTERS 


IronPort  Virus  Outbreak  Filters  detect  and 
stop  viruses  before  any  other  technology. 


propagate  globally 


Today’s  email  borne  viruses 
in  hours  or  minutes,  much  faster  than  traditional 
defenses  can  react,  leaving  you  exposed  to  the 
“reaction  time  gap’’  IronPort  Virus  Outbreak 
Filters  stop  viruses  up  to  42  hours  before  tradition¬ 
al  virus  definition  files  are  available,  literally 
predicting  virus  attacks  before  they  cause  harm. 
This  astounding  solution  is  powered  by  a  series  of 
proprietary  algorithms  that  process  data  from 
IronPort’s  SenderBase®  the  world’s  first  and  largest 
email  traffic  monitoring  network.  Available  now 
at  www.ironport.com/leader 


“Virus  Outbreak 
Filters  helped  us  from  the 
first  day  we  had  It  and 
it  saves  us  significant 
clean  up  costs  during  major 
virus  outbreaks.” 


MARK  S.  DIAL 

E-Messaging  Team 
Tellabs  Inc. 


I  )  IRONPORT 


Rebuilding  the  World’s  Email  Infrastructure 


VIRUS  NAME 
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IRONPORT’S  EARLY  DETECTION  ADVANTAGE 

Multiple  “Bagle”  Variants 

r . . . 

DETECTED  41:43  hours  BEFORE  ANY  OTHER  TECHNOLOGY 

“Mydoom.BB” 

DETECTED  27:49  hours  BEFORE  ANY  OTHER  TECHNOLOGY 

“Sober.  J” 

DETECTED  10:23  hours  BEFORE  ANY  OTHER  TECHNOLOGY 

“Wurmark-D” 

DETECTED  20:05  hours  BEFORE  ANY  OTHER  TECHNOLOGY 
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Net  overhaul  alters 
engineers  work 

■  BY  DENISE  DUBIE 

Psomas  earned  a  top  spot  in  the  Network  World  Renovator  Award 
contest  for  a  network  overhaul  that  involved  migrating  from  frame 
relay  to  Multi-protocol  Label  Switching  and  implementing  a  wide- 
area  file  distribution  service  that  changed  the  way  company  engi¬ 
neers  work. 

Erik  Durand,  corporate  network  manager  at  the  civil  engineering  firm 
in  Costa  Mesa, Calif., says  he  began  the  WAN  overhaul  to  accommodate 
the  company’s  growth  and  demanding  design  tools.  Plans  called  for 
tying  six  more  remote  locations  to  Psomas’  eight  current  facilities  in  the 
coming  year,  and  longer-range  projections  forecast  head  count  almost 
doubling  to  1,000  by  2010. 

Durand  started  working  with  Sprint  in  August  2004  to  swap  his  frame 
relay  network  for  a  fully  meshed  MPLS  network.  While  the  upgrade 
wouldn’t  increase  network  speed,  it  would  allow  for  fewer  hops  be¬ 
tween  locations  and  reduce  latency  by  an  average  of  2  millisec  to  3  mil- 
lisec  on  each  hop. 

“The  MPLS  network  enabled  us  to  ‘shotgun’  our  dual  T-ls  linking  West 
Los  Angeles,  Costa  Mesa  and  Roseville,”  Durand  says.“So  instead  of  sep¬ 
arate  1.5M  bit/sec  connections  we  have  a  sin¬ 
gle  3M  bit/sec  [pipe  between  those  locations 
and  1.5M  bit/sec]  links  to  other  locations.” 

When  the  MPLS  WAN  was  cut  over  last 
November,  it  enabled  Durand  to  turn  his 
attention  to  finding  a  way  for  engineers  at  var¬ 
ious  offices  to  share  CAD  files  that  range  in 
size  from  300M  to  500M  bytes. 

“Work-sharing  between  offices  had  been 
occurring  for  some  time  but  it  was  not  a  pop¬ 
ular  option  because  it  was  cumbersome,” 
Durand  says.“In  order  for  two  or  more  offices 
to  share  work  on  a  project,  files  had  to  be 
replicated  to  each  location’s  file  server.  The 
consequence  was  that  an  engineer  in  one 
office  was  only  able  to  work  with  data  from  a 
remote  location  from  the  day  before.  It  was  costing  the  company 
money  in  duplicate  efforts  and  lost  billable  hours.” 

Durand  decided  to  use  wide-area  file  service  (WAFS)  appliances.  He 
evaluated  devices  from  several  vendors  and  settled  on  Riverbed’s  Steel- 
head  equipment.To  speed  traffic  between  clients  and  servers  and  deliv¬ 
er  LAN-like  response  times  he  installed  the  devices  at  all  branch  offices. 

The  Steelhead  appliances  understand  Microsoft’s  Common  Internet 
File  System  and  the  Unix  Network  File  System,  and  can  predict  the 
response  a  server  or  a  client  needs, such  as  an  acknowledgement.They 
also  can  produce  the  response  locally  rather  than  getting  it  from  across 
the  WAN. 

The  devices  cache  traffic  and  recognize  repeatable  patterns,  which 
means  the  next  time  a  pattern  appears  the  appliances  can  serve  up  the 
traffic  at  the  remote  end  from  cache  rather  than  transfer  it  across  the 
WAN.The  boxes  optimize  TCP  sessions  to  make  transfers  more  efficient. 

The  system  works  so  well  that  when  the  time  came  to  open  a  new 
Denver  office,  Durand  realized  he  could  do  it  without  installing  local 
gear.“With  aT-1  into  the  MPLS  WAN  and  a  Steelhead  appliance,  IT  was 
able  to  open  the  office  without  the  additional  expense  of  a  file  server, 
a  digital  linear  tape  back-up  system  or  on-site  IT  staff.” 

While  the  MPLSWAN  is  saving  Psomas  $170,000  annually  Durand  esti¬ 
mates  the  adoption  of  the  WAFS  technology  is  saving  the  company  an 
estimated  $1  million  annually 

Durand  says  the  IT  team  now  hopes  to  leverage  the  WAN  architecture 
to  converge  voice  and  video.  Psomas  has  Fblycom  videoconferencing 
units  in  each  branch  office  that  are  linked  via  dedicated  ISDN  lines.  In 
the  next  year,  he  wants  to  move  video  to  the  MPLS  WAN,  providing  fur- 
Iher  cost  savings.  Psomas  also  plans  to  migrate  two  locations  to  VoIP 
this  year,  using  ShoreTel  VoIP  equipments 


Erik  Durand's  company 
Psomas  is  saving 
$170,000  annually  by 
using  an  MPLS  WAN. 


School  district  saves  with 
VoIP,  open  source 


■  BY  PHIL  HOCHMUTH 

The  Saugus  Union  School  Dis¬ 
trict  reached  the  Network  World 
Renovator  Award  finals  for  a 
wide-ranging  network  overhaul 
that  involved  laying  a  foundation 
of  100/1000M  bit/sec  Ethernet,  in¬ 
stalling  IP-based  telephony  deliv¬ 
ering  on-demand  video  and 
migrating  50  servers  from  Novell 
NetWare  to  Red  Hat  Linux. 

Saugus  Union’s  network  revamp 
project  started  with  the  school’s 
network  team  creeping  around  in 
wiring  closets  and  wiring  ducts  in 
the  16  elementary  middle  and 
high  schools,  and  ripping  out  old 
network  gear. 

“We  had  some  ancient  stuff,” 
says  Jim  Klein,  director  of  infor¬ 
mation  services  and  technology 
for  the  school  district  in 
California. 

Klein’s  goal,  when  the  project 
began  two  years  ago,  was  a  con¬ 
verged  voice,  video  and  data  net¬ 
work  that  could  be  centrally  man¬ 
aged  and  monitored. 

The  first  step  was  taking  out  10- 
year-old  Bay  Network  lOBase-T 
hubs  and  various  10Base-2  coaxi¬ 
al  cable  links  that  tied  together 
some  school  buildings.  The  128K 
bit/sec  ISDN-based 
WAN  also  had  to  go, 
he  says. 

Klein  built  the  foun¬ 
dation  of  the  school’s 
new  multi-service 
network  on  Fast  and 
Gigabit  Ethernet 
switches  from  3Com: 

Switch  4900s  in  the 
core  of  each  building 
fanning  out  to  Super- 
Stack  3  switches  in 
wiring  closets.  Where¬ 
as  network  problems 
used  to  require  trips 
to  the  trouble  sites, 
the  3Com  gear  let 
Klein  manage  the 
network  from  his  office. 

The  school  also  upgraded  its 
WAN  with  point-to-point  T-l  lines 
anchored  by  Cisco  routers. 

With  the  foundation  in  place, 
Klein  could  next  tackle  delivering 
VoIP  In  the  past,  the  school  only 
had  phones  in  certain  adminis¬ 
trative  offices,  he  says.  The  net¬ 
work  renovation  plan  called  for 
putting  a  3Com  IP  phone  in  each 


Classes  of  service 

The  Saugus  Union  School  District  uses  3Com  IP  NBXs  and 
Cisco  routers  to  tie  together  voice  and  data. 


O  Voice  traffic  is  routed  over  the  point-  ©  Student  Internet  browsing  is  sent  through 
to-point  T-1  network,  and  not  through  the  firewall,  where  content  is  inspected 
the  firewall,  because  of  NAT  transversal  and  Web  site  restrictions  are « 
issues  with  VoIP. 


Jim  Klein  and  the  net¬ 
work  team  at  the 
Saugus  Union  School 
District  replaced 
‘ancient  stuff  with  a 
centralized,  multi-ser¬ 
vice  network. 


room  and  tying  together  all 
schools  with  free  IP  calling  over 
the  WAN. 

But  the  project  got  tricky  be¬ 
cause  telephony  traffic  had  to 
run  through  firewalls  using  net¬ 
work  address  translation  (NAT). 
The  3Com  phones  use  Layer  2 
media  access  control  addresses 
to  route  calls  over 
the  LAN;  IP  addresses 
are  picked  up  from  a 
DHCP  server  on  the 
3Com  NBX  servers 
when  routed  over  an 
IP  WAN.  When  they 
hit  the  NAT  wall,  calls 
dropped  because 
the  IP  addresses  of 
the  phones  were 
changed,  Klein  says. 

To  get  around  the 
problem,  Klein  con¬ 
figured  his  3Com 
switches  to  route  the 
calls  over  the  point- 
to-point  T-l  links,  by¬ 
passing  the  firewalls. 

The  VoIP  network  also  eliminat¬ 
ed  dozens  of  disparate  telephone 
key  systems  and  several  Centrex 
lines.  Now  calls  within  the  district 
are  free,  and  Klein  estimates  this 
saves  hundreds  of  dollars  a 
month  in  toll  charges  alone. 

But  the  biggest  payoff  stemmed 
from  the  school  district’s  migra¬ 
tion  from  NetWare  servers  to 
Linux. 


“We  were  able  to  cut  our  server 
maintenance  costs  by  $50,000 
per  year,”  Klein  says.  He  now  pays 
$50  per  server,  per  year  for  soft¬ 
ware  updates,  patches  and  sup¬ 
port,  vs.  $  1 ,000  per  server,  per  year 
with  Novell. 

Converting  the  school’s  applica¬ 
tions  from  NetWare  to  Linux  was 
uncomplicated  because  the 
major  software  vendors  were 
migrating  to  Linux,  he  says.  The 
fact  that  Novell  now  supports 
Linux  also  made  it  easier,  which 
let  the  district  keep  its  Novell 
Group  Wise  e-mail  system. 

Having  a  background  in 
Novell’s  NetWare  Directory 
Services  also  helped  the  school 
migrate  toward  Open  Lightweight 
Application  Directory  Protocol, 
which  now  is  used  to  provide  sin¬ 
gle  sign-on  accounts  and  pass¬ 
words  for  all  users. 

As  for  the  new  video  support, 
Klein  decided  it  wasn’t  practical 
to  drive  it  over  the  same  Ethernet 
infrastructure,  so  the  school 
opted  to  use  coaxial  cable. 

Digitized  content  is  stored  on 
servers  in  the  school’s  data  cen¬ 
ter  and  delivered  to  TVs  in 
classrooms.  This  means  teach¬ 
ers  can  order  digitized  content 
to  be  delivered  to  individual 
classrooms  or  groups  of  class¬ 
rooms  via  IP-based  set-top 
boxes  that  attach  to  TVs  and  the 
IP  network.  ■ 
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IBM  buys  open  source  middleware  player 

Acquiring  Gluecode  Software  broadens  Big  Blue’s  service  offerings  that  may  appeal  to  smaller  firms. 


■  BY  ANN  BEDNARZ 

IBM’s  acquisition  of  open 
source  developer  Gluecode 
Software  adds  depth  to  its  infra¬ 
structure  software  lineup  while 
providing  an  open  source  ser¬ 
vices  delivery  model.  Analysts  say 
this  will  strengthen  Big  Blue’s 
competitive  edge. 

IBM  last  week  announced  that 
it  acquired  Gluecode,  a  2-year- 
old,  privately  held  company 
based  in  El  Segundo,  Calif.,  for  an 
undisclosed  sum.  It’s  likely  among 
the  smallest  of  IBM’s  transactions 
from  a  monetary  standpoint,  but 
it  might  turn  out  to  be  its  most  sig¬ 
nificant  since  the  1995  purchase 
of  Lotus  Software,  says  Nathaniel 
Palmer,  a  chief  analyst  at  research 
firm  Delphi  Group. 

Gluecode’s  Java  application 
development  platform  —  called 
Joe  —  combines  open  source 
components  from  the  Apache 
Software  Foundation’s  portfolio, 
including  the  Pluto  portal  frame¬ 
work,  Geronimo  application  serv¬ 
er,  Derby  database  and  Agila  busi¬ 
ness  process  management 
engine. 

IBM  has  taken  heat  over  pricing 
of  its  WebSphere  Java  2  Platform 
Enterprise  application  server  plat¬ 
form,  when  compared  to  prod¬ 
ucts  from  competitors  such  as 
Sun,  BEA  Systems  and  Oracle. 


Acquiring  mindset 

IBM  has  kept  up  a  steady  acquisition  pace  this  year. 


Date 

Company 

What  IBM  gains 

Price 

May  10 

Gluecode  Software 

Open  source  infrastructure  software  and  support 
services. 

Undisclosed 

April  26 

Healthlink 

Healthcare  consulting  services  expertise. 

Undisclosed 

March  14 

Ascential  Software 

Data  integration  software. 

$1.1  billion 

Feb.  2 

Equitant 

Order  management  outsourcing  services  expertise. 

Undisclosed 

Jan.  25 

Corio 

Business  software  ASP. 

$182  million 

Jan.  7 

SRD 

Identity  resolution  software. 

Undisclosed 

With  the  Gluecode  stack  in  its 
lineup  —  including  the  freely 
available  Gluecode  Standard 
Edition  —  IBM  will  be  more 
attractive  to  small  and  midsize 
businesses,  Palmer  says.  However, 
and  even  more  importantly  the 
Gluecode  deal  will  provide  the 
WebSphere  group  with  ready¬ 
made  access  to  a  services-based 
revenue  structure,  he  says. 

Gluecode,  with  18  employees, 
built  its  business  model  around 
selling  subscription-based  sup¬ 
port  services  for  open  source 
products,  ranging  from  software 
assembly  and  delivery  to  code 
testing  and  source-code  manage¬ 
ment.  It’s  a  new  approach  for  IBM 
and  WebSphere  —  one  that  will 
let  customers  start  small,  down¬ 
load  the  code  for  free,  and  add 
services  as  their  requirements 
grow,  says  Robert  LeBlanc,  gener¬ 


Novell  snaps  up  Linux 
security  company 

■  BY  ROBERT  MCMILLAN 

Novell  last  week  said  it  has  acquired  Immunix.a  7-year-old  company 
founded  in  part  with  money  from  the  Department  of  Defense’s  central 
R&D  organization  to  develop  security  software  for  Linux. 

Terms  of  the  deal  were  not  disclosed. 

Immunix.a  Portland, Ore., company  with  15  employees,  is  best  known 
for  developing  much  of  the  Linux  Security  Modules  (LSM)  software 
used  in  the  Linux  2.6  kernel,  a  key  component  of  the  Linux  operating 
system. 

By  acquiring  the  company  Novell  hopes  to  strengthen  its  security 
product  offerings,  says  Charlie  Ungashick,  a  director  of  product  mar¬ 
keting  at  Novell. 

Immunix  sells  software,  called  AppArmor,  which  can  be  used  to 
secure  Linux-based  applications  by  limiting  how  they  can  interact  with 
hardware  within  the  computer. 

AppArmor  already  is  designed  to  work  with  Novell’s  YAST  (Yet 
Another  Setup  Tool)  management  software,  which  makes  it  a  natural 
acquisition  target,  Ungashick  says.  Novell  expects  to  begin  selling 
AppArmor,  which  will  be  re-branded  Novell  AppArmor,  within  the 
week,  he  says. 

McMillan  is  a  correspondent  with  the  IDG  News  Service. 


al  manager  of  application  and 
integration  middleware  at  IBM.  It’s 
about  “trying  to  address  a  part  of 
the  market  that  needs  a  different 
set  of  attributes  and  a  different 
way  to  acquire  products  and  get 
value,”  LeBlanc  says. 

This  is  where  business  software 
delivery  is  headed,  Palmer  says.“If 
it’s  not  exactly  this,  it  will  be 
something  like  this  —  a  lot  of 


open  source  and  a  convenient 
delivery  mechanism.” 

Putting  this  managed  delivery 
model  under  the  control  of  the 
WebSphere  group,  not  IBM’s 
Global  Services  division,  is  a  sig¬ 
nificant  move,  Palmer  says.“If  you 
approach  software  as  a  service 
from  a  traditional  outsourcing 
services  model,  it  gets  killed 
almost  immediately  because 


you’re  not  making  money  initi¬ 
ally  he  says.  “Putting  it  under 
WebSphere  gives  IBM  some  run¬ 
way  to  ramp  this  model  up.” 

Research  firm  Ovum  hailed  the 
deal  as  a  milestone  in  the  indus¬ 
try’s  move  toward  commoditized 
application  server  software.  “IBM 
sends  a  clear  message  to  com¬ 
petitors  like  BEA  that  it’s  keen  to 
see  the  application  server  market 
consolidate  and  to  get  the  players 
competing  on  the  basis  of  higher- 
level  services,”  Ovum  wrote  in  a 
research  note. 

IBM  says  it  will  continue  devel¬ 
oping  Gluecode’s  technology 
and  increase  its  contributions  to 
the  Apache  Geronimo  open 
source  application  server  soft¬ 
ware  project. 

IDG  News  Service  correspon¬ 
dent  Stacy  Cowley  contributed  to 
this  story. 


Roving  Planet  upgrades 
WLAN  management  suite 


■  BY  JOHN  COX 

Roving  Planet  has  rebuilt  its  wireless  LAN  authen¬ 
tication  software  to  let  customers  more  easily  man¬ 
age  WLANs  at  multiple  sites. 

Commander  Suite  3.0  software  is  designed  to 
secure  and  control  any  third-party  access  point  via 
SNMP  A  graphical  Web  interface  lets  administrators 
view  access  points  and  user  data  drawn  from 
numerous  sites. 

The  company  also  has  released  two  new  applica¬ 
tions  created  for  the  suite.  One,  AP  Manager,  sets 
access  point  configurations  and  updates  them.  The 
other, Scan  and  Block, scans  wireless  devices  as  they 
start  to  connect  to  the  WLAN,  checks  for  such  things 
as  updated  anti-virus  software  or  active  VPN  clients, 
and  only  then  lets  the  device  access  the  network. 

An  API  lets  third-party  applications  pass  informa¬ 
tion  to  the  Roving  Planet  software.  Company  offi¬ 
cials  say  they’ll  license  two  such  applications,  one 
for  intrusion  detection,  another  for  dynamic  radio 
frequency  management,  use  the  API  to  link  them, 
and  release  them  later  in  the  year  as  additional 
options  in  the  Commander  Suite.  They  declined  to 
say  which  vendors  were  being  considered. 

The  previous  Roving  Planet  product  had  two  com¬ 
ponents:  An  agent,  including  a  firewall,  to  monitor 
access  points;  and  a  management  application  to 
process  the  data,  display  it  via  a  Web  interface,  and 
to  set  authentication  and  security  policies. 

The  agent  is  preserved  as  the  renamed  Edge 
Defender,  which  now  oversees  about  100  access 
points.  Its  higher-level  companion  program  now  is 
called  Network  Commander,  which  works  with  sev¬ 


eral  Edge  Defenders  to  cover  a  midsize  to  large 
WLAN  site.  Network  Commander  has  been  rewritten 
in  part  to  work  with  a  new  program,  called  Global 
Commander,  which  is  designed  to  create  a  single 
view  of  large-scale,  or  multisite,  enterprise  WLANs.. 

Also  new  is  Site  Commander,  which  is  designed 
for  remote,  or  branch  office,  WLANs,  of  anywhere 
from  10  to  100  access  points,  and  about  100  to  200 
users.  This  program  blends  functions  from  both 
Edge  Defender  and  Network  Commander, 
and  can  use  a  WAN  link  to  communicate  with  the 
Global  Commander. 

The  new  Scan  and  Block  application  downloads 
to  a  WLAN  client  device  a  temporary  executable, 
about  64K  byes  of  code,  as  the  client  starts  to  con¬ 
nect  to  the  WLAN  .This  agent  collects  data  about  var¬ 
ious  programs  on  the  device,  such  as  the  current 
version  of  the  operating  system,  of  anti-virus  soft¬ 
ware,  whether  or  not  the  VPN  client  is  active.  This 
information  goes  to  one  of  the  Commander  pro¬ 
grams,  which  checks  it  against  the  user  policies. The 
Commander  can  then  grant  or  deny  access,  or  redi¬ 
rect  the  client  to  a  quarantine  Web  site. 

AP  Manager  lets  administrators  working  with  one 
of  the  Commanders  review,  monitor,  and  change 
configurations  on  the  access  points. 

Commander  Suite  3.0  is  available  noW.  Pricing 
varies  based  on  the  number  of  access  points,  num¬ 
ber  of  administrators  using  the  software,  and  the 
number  of  users  who  are  being  managed  by  a  poli¬ 
cy  created  in  the  software  (“managed  connec- 
tions”).That  translates  into  a  range  from  less  than 
$30,000  for  100  access  points,  to  $750,000  for  10,000 
access  points, according  to  the  vendor.  ■ 


Sk>wS>  items? 

BREAKTHROUGH  TECHNOLOGY  KEEPS  THEM  RUNNING  AT  TOP  SPEED 


Keep  your  systems  running  fast  —  automatically . 


One  of  the  most  common 
questions  that  comes  up  when 
talking  about  Diskeeper®  is  "Why  pay 
for  a  defragmenter  when  Windows 
has  one  for  free?" 

To  answer  this  question,  let's 
compare  defragmentation  to 
housecleaning.  Everyone's  house 
gets  dirty,  and  there  are  basically 
three  ways  to  handle  it: 

"S»Do  nothing.  The  house  gets 
dirtier  and  dirtier,  stuff  starts  to 
pile  up, the  smell  gets  worse  and 
neighbors  start  calling  the 
health  department.  Eventually 
the  house  gets  so  dirty  that  it's 
uninhabitable,  so  you  move  out 
and  find  another  place  to  live. 
(This  scenario  is  similar  to  never 
defragmenting.) 

2*  Clean  it  yourself.  This  usually 
requires  carving  at  least  an  hour 
or  so  per  day  out  of  your  free 
time.  (This  scenario  is  like 
defragmenting  your  systems 
with  a  manual  defragmenter.) 

3.  Hire  a  housecleaning  service 
to  come  in  and  clean  on  a 
regular  basis.  (Automatic 
defragmentation.) 

Do  it  yourself? 

#2  seems  like  a  reasonable 
solution.  After  all,  plenty  of  people 
clean  their  own  houses,  right?  In 
theory,  yes.  In  reality,  things  come 
up — weekend  plans,  long  work 
hours,  etc.  You  might  only  have  a  few 
minutes  to  straighten  up,  or  you 
might  skip  a  couple  of  day's  worth  of 
cleaning  altogether.  End  result:  the 
house  is  rarely  as  clean  as  it  could  be, 
and  when  you  do  clean,  it  takes 
much  longer  than  it  should. 
Likewise,  the  process  of  manual 


defragmentation  takes  so  long  and 
involves  so  much  IT  staff  time  that  it 
rarely  gets  done. 

The  most  effective  way  to  keep 
your  house  clean  is  to  have  it  done 
automatically, on  a  regular  basis.  And 
the  most  effective  way  to  keep  your 
systems  running  at  top  speed  with 
maximum  reliability  is  to  have  them 
defragmented  automatically. 

Find  the  right  solution 

Let's  say  you  hire  a  cleaning 
service  to  come  to  your  house  once 
a  week  and  scrub  the  daylights  out 
of  it.  They  vacuum  carpets,  clean 
windows,  polish  furniture,  organize 
the  attic,  etc.,  etc.  It  takes  them  all 
day  and  well  into  the  evening.  And 
while  you  like  having  a  clean  house, 
it's  annoying  to  have  to  wait  to  eat 
dinner  because  someone  is 
polishing  the  chrome  on  your 
oven  door.  Or  to  have  to  park 
on  the  street  because  someone 
was  midway  through  straightening 
up  the  garage  just  as  you  got 
home  from  work.  The  same  is 
true  of  defragmentation.  A 
defragmentation  run  that  kicks  off  at 
the  wrong  time  can  turn  into  a  major 
headache  and  seriously  disrupt  your 
organization's  workflow. 

Automation  with  convenience 

The  perfect  cleaning  service  is 
one  that  works  around  you.  You  can 
tell  them  when  you  want  them  to 
clean,  or  they  can  decide  how  often 
to  clean  based  on  how  quickly  your 
house  gets  dirty.  They  take  care  of 
the  big  stuff  first — counters,  floors, 
bathroom — so  that  you  have  a  clean 
house  as  quickly  as  possible.  Minor 


chores,  like  polishing  the  chrome  in 
the  kitchen  or  cleaning  the  garage, 
are  done  at  times  when  they  won't 
inconvenience  you.  And  if  they  do 
happen  to  be  cleaning  a  room  you 
need  to  use,  they  get  out  of  you  r  way 
immediately. 

That's  how  Diskeeper  9, 
The  Number  One  Automatic 
Defragmenter™,  works. 

Diskeeper  9: 

The  Number  One  Automatic  Defragmenter 

Diskeeper  is  a  software  system 
that  completely  eliminates  the 
problems  caused  by  fragmentation. 
Diskeeper  9  uses  unique  adaptive 
technology  that  works  around  your 
organization's  workflow.  You  can 
implement  Diskeeper  9  on  every 


server  and  workstation  right  from 
your  own  desktop.  Once  Diskeeper 
is  deployed,  the  problem  of 
fragmentation  simply  goes  away. 
Operation  of  Diskeeper  9  is  almost 
completely  transparent,  which  is 
why  we  call  it  the  "Set  It  and  Forget 
It"®  defragmenter! 

See  the  difference  for  yourself. 
Download  the  FREE  30-day  trial 
edition  of  Diskeeper  9  now! 


TRY  DISKEEPER  FREE 
FOR  30  DAYS 

www.diskeeper.com/nww9 

For  volume  license  pricing  and 
government  or  educational  discounts,  call 
800-829-6468  phone  code  4318 


Sponsored  by: 
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Lessons  from  Leading  Users 

is  the  right  RX  for  New  York  Presbyterian  Hospital 


Fiber  solves  hospital  bandwidth  crunch 

New  York  Presbyterian  Hospital  lit  up  fiber  on  three  campuses  using 
DWDM  to  give  it  plenty  of  room  for  new  high-bandwidth  applications. 


168th  SL  Columbia 
Medical  Center 

_^Adva  FSP  300Qv^| 

TnnnnnnrL-C/ 


Cisco  switch  routers 
have  their  own  fiber 
connections  for 
redundancy. 


38th  St  data  center 


Leased  fiber  for  DWDM 
boxes  can  carry  32 
separate  10G  bit/sec 
wavelengths. 


Adva  FSP  3000^1  68th  St  Cornell 
1  Medical  Center 


Adva  optical  nodes 
are  backed  up  by 
Cisco  switch  routers 
at  each  key  site. 


■  BY  TIM  GREENE 

New  York  Presbyterian  Hospital 
has  dumped  its  WAN  service 
provider  and  lit  up  leased  dark 
fiber  with  dense  wavelength  division 
multiplexing  gear  that  saves  money 
and  enables  the  hospital  to  grow  its 
network  as  it  adds  more  high-band- 
width  applications. 

Leasing  fiber  from  a  New  York-area 
network  consortium  for  research  and 
educational  organizations,  rather 
than  buying  network  services  from 
Verizon,  provides  more  bandwidth 
and  saves  the  hospital  $151,000  per 
year,  according  to  Leo  Bodden,  direc¬ 
tor  of  the  hospital’s  network  group. 
Adding  more  and  faster  lasers  with  its 
new  optical  gear  give  it  nearly  unlim¬ 
ited  bandwidth  for  future  needs. 

With  two  strands  of  fiber,  the  hospi¬ 
tal  uses  21  wavelengths  to  provide 
connections  ranging  from  10G  Ethernet 
to  Fibre  Channel  on  a  core  network 
stretching  41  miles  around  New  York  City. 
The  network  can  support  up  to  32  sepa¬ 


rate  10G  bit/sec  wavelengths  —  enough 
bandwidth  for  a  long  time,  Bodden  says. 

The  addition  of  high-bandwidth  traffic, 
including  medical  imaging,  a  mirrored 


data  center  and  storage-area  networking 
(SAN),  have  pushed  the  limits  of  New 
York  Presbyterian’s  network  since  1999. 
At  that  time,  the  hospital  had  filled  up 


its  OC-3  ATM  network  on  three  cam¬ 
puses  in  New  York  City,  so  it  consid¬ 
ered  buying  an  OC-12  SONET  net¬ 
work  from  Verizon. 

But  before  the  contract  could  be 
awarded,  the  hospital  realized  the  OC- 
12  network  would  be  overloaded  by 
the  time  it  was  built,  so  it  revised  its 
plans  upward  to  an  OC48  network. 

That  network  never  went  to  bid 
either  because  the  hospital  instead 
built  its  own  DWDM  network,  built  on 
Adva  FSP  3000  optical  switches. 

It  then  took  the  hospital  three  years 
to  put  out  its  bids  for  OC-48  SONET  re 
placement  in  2002.  The  hospital  was 
planning  a  high-bandwidth  medical 
imaging  service  called  Picture  Ar¬ 
chiving  and  Communication  System 
and  creating  a  mirrored  data  center  at 
168th  Street,  so  it  needed  room. 

By  that  time,  the  network  consor¬ 
tium  —  New  York  State  Education 
and  Research  Network  (NYSERNET)  — 
proposed  leasing  dark  fiber  in  New  York 
City  and  re-leasing  it  at  relatively  low  cost 
See  DWDM,  page  20 


Ethernet  tweaks  make  protocol  fit  for  factory  nets 


■  BY  PHIL  HOCHMUTH 

Several  efforts  in  Ethernet  development 
and  add-on  technologies  to  the  standard 
are  making  it  possible  for  lower-cost 
Ethernet  gear  to  be  deployed  in  factory 
networks,  where  LAN  gear  controls  the  pre- 


Takes 

■  IBM  last  week  released  its  first 
server  designed  to  let  firms  integrate 
their  user  identities  and  access  con¬ 
trol  platforms  with  partners  outside 
their  companies.  Tivoii  Federated 
Identity  Manager  is  standards 
based  software  that  supports  identi¬ 
ty  federation,  a  technology  that 
promises  to  make  it  easier  to  man¬ 
age  identities  as  a  means  to  secure 


cise  movements  and  actions  of  machine 
tools,  and  a  dropped  packet  or  network 
delay  can  be  costly 

One  emerging  standard  is  IEEE  1588, 
which  lets  networked  Ethernet  gear  syn¬ 
chronize  internal  clocks  according  to  a 
network  master  clock.  Another  multi-ven- 


data  sharing  between  companies.  The 
software  lets  users  authenticate  their 
corporate  networks  and  use  that  sign-on 
to  gain  access  to  services  on  a  partner's 
network.  It  supports  a  number  of  stan¬ 
dards  and  emerging  standards,  including 
Security  Assertion  Markup  Language; 
Liberty  Alliance;  and  WS-Federation,- 
Trust  and  -Security.  IBM  joins  companies 
offering  federation  servers,  including  HR 
RSA  Security,  Sun,  Oracle,  Ping  Identity 
andTrustgenix.TFIM  is  priced  per  user 


dor  technology  effort,  called  Ethernet 
Fbwerlink,  uses  a  standard  Layer  2  Ethernet 
protocol  along  with  a  time  stamp  that  oper¬ 
ates  similarly  to  TDM  technology,  where 
data  flows  are  allotted  specific,  microsec¬ 
ond  time  slots  for  transmission.This  type  of 
technology  eliminates  packet  collisions, 


and  starts  at  $69.  IBM  plans  to  offer  per- 
processor  pricing. 

■  Symantec  last  week  announced 
Mobile  Security  4.0  for  Symbian,  the 
fourth  version  of  its  anti-virus/firewall  for 
Nokia  9300  and  9500  smart  phones  and 
the  Panasonic  Series  60  smart  phone. 
The  software,  which  costs  about  $50  per 
device,  provides  anti-virus  protection  that 
can  be  updated  via  Symantec’s  Live- 
Update  service. 


which  can  cause  data  to  be  resent  on 
shared  Ethernet  LANs;  it  also  solves  net¬ 
work  latency  involved  with  packet  buffer¬ 
ing  in  switched  Ethernet. 

Manufacturers  are  looking  at  control  pro¬ 
tocols  that  run  on  Ethernet  networks  to  cut 
costs  and  bring  the  management  of  factory 
processes  into  the  domain  of  an  overall  en¬ 
terprise  IP  network. 

“If  everything  has  an  IP  address,  then  you 
know  the  status  of  any  piece  of  machinery 
or  a  system”  across  a  manufacturing  enter¬ 
prise,  says  Bob  Parker,  an  analyst  with  IDC, 
who  tracks  IT  trends  in  manufacturing. 
“Looking  at  standard,  off-the-shelf  devices 
makes  sense,”  for  deploying  in  factory  net- 
works.“lt’s  like  owning  a  boat;  anything  you 
buy  for  the  boat  that  has ‘marine’  in  front  of 
the  name  costs  twice  as  much.  It’s  the  same 
with  industrial  [IT  products] .  Buying  some¬ 
thing ‘industrial’ will  cost  twice  as  much.” 

Although  Ethernet  latencies  are  mea¬ 
sured  in  fractions  of  a  second,  they  are 
See  Ethernet,  page  20 
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Check  Point  updates  mgmt,  security  software 


m  BY  TIM  GREENE 

Check  Fbint  is  wheeling  out  a  big  software 
upgrade  across  its  product  lines  that  in¬ 
creases  security  and  makes  it  easier  for 
users  to  manage  its  platforms  day-to-day 

The  upgrade,  called  NGX,runs  on  a  dozen 
Check  Fbint  platforms,  including  its  fire¬ 
walls,  IPSec  VPN,  management  software, 
application  security  SSL  VPN,  internal  secu¬ 
rity  gateways  and  event-correlation  soft¬ 
ware.  The  goal  is  to  provide  a  unified  secu¬ 
rity  architecture  that  businesses  can  add  to 
their  networks  without  whole  upgrades  to 
network  gear,  Check  Point  says. 

Management  improvements  are  the  most 
significant  features  that  set  it  apart, says  Paul 
Stamp,  an  analyst  with  Forrester  Research. 
“This  allows  you  to  update  software  across 
different  components  and  analyze  events 
more  effectively  and  cohesively’’  he  says. 
Check  Fbint  competes  against  3Com, Cisco, 


Juniper  and  Nortel  to  sell  security  gear  that 
addresses  perimeter  and  internal  security 
NGX  software  —  which  is  part  of  a  dozen 
Check  Fbint  products  that  run  on  servers, 
clients  or  appliances  —  pulls  together  man¬ 
agement  of  Check  Fbint’s  VPN-1,  Connectra 
SSL  VPN  and  Intraspect  internal  security 
gateway  This  makes  it  possible  to  distribute 
updates  once,  rather  than  platform  by  plat¬ 
form.  Administrators  also  can  get  a  unified 
view  of  logs  from  all  three  platforms. 

But  NGX  doesn’t  let  you  change  policies 
from  one  console.  That  still  requires  three 
separate  management  applications. 

The  software  includes  SmartFbrtal,  a  new, 
read-only  Web  view  of  Check  Fbint  plat¬ 
forms  to  give  broader  access  to  security 
policies  that  have  been  set  without  com¬ 
promising  them  to  changes. 

The  feature  could  aid  help  desk  workers 
who  deal  with  complaints  that  a  certain 
application  is  inaccessible.  The  worker 


could  check  policies  via  a  SmartFbrtal  to 
determine  whether  policies  deny  a  user  ac¬ 
cess  to  the  application.  If  so,  the  caller  can 
be  passed  on  to  an  administrator  with 
authority  to  alter  the  policy  If  not,  the  help 
desk  can  continue  troubleshooting. 

NGX  supports  dynamic  routing,  which 
makes  it  possible  to  route  traffic  through 
current  IPSec  tunnels.  So  if  a  tunnel  fails, 
routers  can  find  alternative  tunnels  over 
which  to  direct  traffic.  Previously,  Check 
Fbint  software  used  static  routes  that  had  to 
be  changed  manually  on  each  device. 

For  instance,  the  Department  of  Public 
Safety  and  Correctional  Services  in  Mary¬ 
land  uses  NGX  to  connect  430  law- 
enforcement  sites  via  an  IPSec  VPN.  Dy¬ 
namic  routing  makes  it  easier  to  set  up 
new  sites  and  change  policies  for  current 
sites,  says  Victor  Fooks,  chief  network  offi¬ 
cer  in  the  division  of  IT  and  communica¬ 
tion  for  the  Maryland  Department  of 


Public  Safety  and  Correction  Services. 

Rather  than  reconfigure  each  VPN-1  Edge 
appliance  to  accommodate  a  new  site,  he 
changes  the  central  firewall  settings  and 
policies  in  the  network  routers.  Dynamic 
routing  lets  routing  protocols,  such  as 
Border  Gateway  Protocol  and  Open 
Shortest  Path  First,  decide  which  tunnels  are 
best  to  route  traffic  to  its  destination. 

Fooks  says  he  is  testing  NGX’s  support  for 
securing  VoIP  as  groundwork  for  his  depart¬ 
ment  adopting  it.  NGX  makes  it  easier  for  IP 
voice  traffic  to  survive  network  address 
translation  (NAT)  as  it  crosses  Check  Fbint 
firewalls.  NAT  masks  the  IP  addresses  of  pri¬ 
vate  networks,  which  make  it  difficult  for  in¬ 
coming  phone  calls  to  find  the  end  devices 
they  are  looking  for. 

Check  Point  says  NGX  is  set  to  be  avail¬ 
able  May  30.  It  comes  as  an  upgrade  in  cus¬ 
tomer-support  contracts,  and  ships  with 
new  platforms.  ■ 
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to  members.  The  hospital  had  tried  to 
lease  dark  fiber  but  couldn’t  afford  it. 

The  hospital  bought  in  to  the  NYSER- 
NET  proposal  and  pays  NYSERNET 
$542,000  per  year  for  the  fiber,  Bodden 
says.  That’s  down  from  the  $693,000  it 
paid  Verizon  last  year  for  its  OC-3  net¬ 
work  that  had  been  supplemented  with 
DS-3s  until  the  new  network  came  on¬ 
line  earlier  this  year. 

The  Adva  DWDM  gear  cost  $1.5  mil¬ 
lion  to  buy  as  opposed  to  the  other  bid 
the  hospital  got  —  $4  million  for  Cisco 
15454  optical  gear.  Besides  the  price,  the 
hospital  preferred  the  Adva  equipment 
because  if  one  node  fails,  it  passes  traf¬ 
fic  through  as  if  it  weren’t  there,  and  the 
other  nodes  still  can  receive  traffic.  But 
Cisco’s  gear  terminated  all  traffic  at 
every  node,  not  letting  traffic  through, 
Bodden  says. 

This  was  a  key  consideration  be¬ 
cause  38th  Street  has  only  battery 
backup,  and  a  power  outage  could  run 
down  the  battery  and  bring  down  the 
node,  he  says. 

He  also  says  he  liked  the  simplicity  of 
the  Adva  FSP  3000  gear. The  Adva  lasers 
are  set  to  be  slightly  overpowered  to 
work  without  adjustment  even  under 
slightly  changing  conditions.The  Cisco 
gear  tunes  itself  on  an  ongoing  basis  to 
adapt  to  changes. 

So  far  the  hospital  has  lit  up  21  wave¬ 
lengths  on  the  network,  two  at  10G 
oit/sec, others  at  1G  carrying  10G  Ether¬ 
net  and  Fibre  Channel.  Bandwidth  can 
be  boosted  by  increasing  laser  speed 
or  adding  more  lasers,  Bodden  says.  ■ 


Switching  time 

With  IEEE  1588  technology,  a  master  switch  keeps  exact  time  for  other  devices 
on  the  network.  Ethernet  switches  that  can  keep  precisely  synchronized 
time  can  be  deployed  in  low-cost  industrial  automation  networks. 


O  A  master  switch  node  with  IEEE  1588  capabilities  sends  a  synchronization  request  to  slave  switches.  The  synchronization 
message  includes  a  time  stamp  of  the  master  dock.  A  Wlow-up  message  is  sent  to  the  slaves  with  different,  tin*  stamps. 

©  The  slave  uses  the  two  messages  to  determine  how  far  off  its  clock  is  running.  It  then  sends  back  a  “delay 
request”  message  to  the  master. 

©  The  master  returns  a  “delay  response”  message  to  the  slave  with  another  master  time  stamp.  This  fete  the  slave  eafeulate 
the  time  delay  of  the  network,  because  of  latency  or  other  factors,  and  reset  its  dock  to  synchronize  with  the  master. 


Ethernet 

continued  from  page  19 

unacceptable  to  precision  industrial  pro¬ 
cesses,  where  machines  can  receive  hun¬ 
dreds  of  control  instructions  in  seconds. 
Missing  one  command  could  be  disas¬ 
trous,  says  Markus  Sandhoefner,  a  marketer 
with  B&R  Industrial  Automation,  which 
makes  an  Ethernet  Powerlink  software 
stack  for  standard  network  gear. 

“Ethernet  is  a  great,  low-cost  technology?’ 
Sandhoefner  says,  “but  it’s  not  the  most 
deterministic.  If  you  have  two  real-time 
messages  waiting  in  an  [Ethernet]  switch 
queue, you’ll  be  in  trouble  if  you’re  running 
applications  such  as  motion  control.” 

B&R  is  part  of  the  Ethernet  Powerlink 
Standards  Group,  which  includes  165  ven¬ 
dors  of  automation  and  control  products. 
The  group’s  aim  is  to  migrate  legacy  proto¬ 
cols  such  as  ModBus  used  in  factory  floors 
to  Ethernet-based  technology 

Eagle  Manufacturing  of  Shelby  Township, 
Mich.,  recently  deployed  Ethernet  Fbwer- 
Iink  gear  from  B&R  to  control  its  line  of 
machine  tool  equipment  used  to  manu¬ 
facture  automobile  components  — 
specifically  car  window  frames  and  seals. 

Machines  on  this  line  can  change  com¬ 
ponents  on  the  fly  to  process  materials  for 
several  vehicle  types,  says  Brent  Short,  presi¬ 
dent  of  the  company  This  process  lets  the 
small  component  maker  create  a  range  of 
products  without  stopping  production  to 
refit  equipment. 

Time-sensitive  applications,  such  as  VoIP 
or  video,  can  falter  when  packet  delivery 
rises  above  100  millisec  of  delay.  With 
Eagle’s  machines  cutting  materials  at  pre¬ 
cisely  eight  thousandths  of  a  second  and 
running  at  50  feet  per  second,  the  delay  of 
control  messages  sent  to  the  equipment 
must  be  about  800  microsec  (800  thou¬ 
sandths  of  a  millisec,  or  800  millionths  of  a 
second).  The  Ethernet  Fbwerlink  network 
provides  preciseness. 


Another  factor  in  plant  networks  is  time 
synchronization  of  network-  and  computer- 
controlled  machinery  Like  Ethernet  Fbwer¬ 
link,  IEEE  1588  uses  time-stamping  proto¬ 
cols  to  ensure  that  clocks  are  synchronized. 

One  vendor  driving  IEEE  1588  is  Intel, 
which  makes  network  processors  with  inte¬ 
grated  time-stamping  technology  into 
Ethernet  controllers  and  switch  silicon.The 
use  of  IEEE  1588  in  standards-based  net¬ 
work  gear  in  factories  will  help  manufac¬ 
tures  cut  costs  by  eliminating  expensive, 
custom-made  or  proprietary  industrial 
automation  communication  technologies, 
says  Puneet  Sharma,  technical  marketing 
engineer  for  Intel’s  Digital  Enterprise  Group. 
But  to  gain  the  reliability  of  the  network 


technologies  that  Ethernet  may  replace, 
something  extra  must  be  added. 

''Time-synchronization  protocols,  such  as 
Network  Time  Protocol,  are  not  reliable 
enough  and  do  not  provide  sufficient  reso¬ 
lution  to  be  useful  for  industrial  automation 
applications,” Sharma  writes  in  an  IEEE  1588 
application  report. 

That  means  IEEE  1588  defined  technol¬ 
ogy  would  need  to  run  in  network  gear 
along  with  standard  802.3  Ethernet  and  a 
TCP/IP  stack.This  combination  would  let 
a  Layer  2/3  Ethernet  LAN  act  as  a  preci¬ 
sion-control  network,  where  factory  floor 
machines  can  be  controlled.  Ethernet 
Powerlink  Version  3  is  set  to  be  released 
later  this  year.  ■ 


Intel®  Xeon™  Processor  power,  more  expandability  and  more  manageability.  For  less  money.  The  HP  ProLiant  ML150  G2  gives  you  the  power  and 


reliability  you  need  now  with  room  to  grow  as  your  business  grows.  It  has  dual  Xeon™  Processor  capability  and  hot-pluggable  SATA  or  SCSI  drives 
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maximum  flexibility.  Try  to  get  that  level  of  expandability  from  our  competitors  at  this  price.  And  only  HP  offers  a  remote  management  option  with  its 
Lights-Out  100  Card.  Add  a  DAT  72  tape  drive,  and  your  compliance  and  backup  issues  are  addressed— more  securely  and  affordably.  These  are  just 
two  HP  Smart  Office  Solutions  that  give  you  more  expertise,  technology,  more  service  and  more  support.  To  get  more  without  paying  more,  run  over  to  HP. 


Save  up  to  $203] 


HP  ProLiant  ML150  SERVER 

$925 

•  Intel®  Xeon™  Processor  (3GHz 
Dual-Processor  Capable)2 

•  512MB  PC2700  DDR  ECC  SDRAM 

•  Broadcom  5721  PCI-Express  Gigabit  NIC 
(embedded) 

•  4  Port  SATA  Adapter  in  a  PCI  slot(optional  SATA 
RAID  Controller  available) 

•  80GB  SATA  Hard  Disc  Drive  (Hot-Plug 
Capable)5 

•  48X  IDE  CD  ROM  Drive,  floppy  drive4 

•  5U  Tower  Chassis 

•  Hardware  limited  warranty,  1 -year  parts,  1-year 
labor,  1  -year  on-site  support3 


Add  secure  backup. 


HP  STORAGE  WORKS 
DAT  72  TAPE  DRIVE 

-  72GB  (using  2:1  compression)  on  a  single  cartridge 

-  21.6GB/hr.  maximum  transfer  rate  (compressed) 

-  Reads  and  writes  DAT  72,  DDS-4  and  DDS-3  media 

-  Includes  One-Button  Disaster  Recovery  for  quick 
service  restores 

$799 

$100  instant  savings 

($899  -  $100  instant  savings  =  $799)6 


MORE  ADVICE  |  MORE  TECHNOLOGY  I  MORE  SUPPORT 


Save  even  more  with  HP  Smart  Buys. 

See  our  site  below  for  more  choices  and  more  savings. 


call  1-888-277-9608 


invent 


click  www.hp.com/go/ML150mag8 
visit  your  local  HP  reseller 


Prices  shown  are  HP  Direct  prices;  reseller  and  retail  prices  may  vary.  Prices  shown  are  subject  to  change  and  do  not  include  applicable  state  and  local  taxes  or  shipping  to  recipient's  address.  Offers  cannot  be  combined  with  any  other  offer  or  discount,  are  good  while  supplies  last 
and  are  available  from  HP  Direct  and  participating  HP  resellers.  All  featured  offers  available  in  U.S.  only.  1 .  Savings  based  on  HP  published  list  price  of  configure-to-order  equivalent.  2.  Intel’s  numbering  is  not  a  measurement  of  higher  performance.  3.  Certain  warranty  restrictions 
and  exclusions  may  apply.  For  complete  warranty  details,  call  1-800-345-1518  (U.S.).  4. 48X  Max  CD-ROM  Drive  data  transfer  rates  vary  from  6,750  Kbps  to  7,800  Kbps.  5.  For  hard  drives,  GB=billion  bytes.  6.  $100  instant  savings  offer  valid  on  qualifying  HP  StorageWorks 
DAT  72  tape  drives  only  through  6/30/05.  Intel,  Intel  Inside,  the  Intel  Inside  Logo  and  Intel  Xeon  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  ©2005  Hewlett-Packard  Development  Company,  L.P. 


Spam  and  virus  protection  at  an  affordable  price. 


•  No  per  user  license  fees 

•  Prices  starting  at  $1399 

•  Powerful,  enterprise-class  solution 


Barracuda  Spam  Firewall 


.  C  myright  2005,  Barracuda  Networks,  Inc.  All  rights  reserved.  Reclaim  Your  Email, and  Barracuda  Spam  Firewall  are  either 
remarks  or  registered  trademarks  of  Barracuda  Networks.  Inc.  and/or  it  subsidies  in  the  United  States  and/or  other  countries. 


\  Order  a  free  evaluation  unit  at 
i  www.barracudanetworks.com 


Aggressive  Reseller  Program 

POWERFUL  EASY  TO  USE  AFFORDABLE  Get  more  info  by  visiting  www.barracudanetworks.com/NECC 

or  by  calling  1-888-ANTI-SPAfVf  or  408-342-5400 
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Start-up  tackles  server  management 


■  SYMBIUM 


Location: 

Ottawa 

Founded: 

2002 

Employees: 

50 

Management: 

Ben  Robitaille,  president  and  CEO;  Jay  Litkey,  founder/vice  president 
of  technology;Tony  White,  CTO. 

Primary 

product: 

Intelligent  Secure  Autonomic  Controller,  a  computer  on  a  card 
that  fits  into  a  server's  PCI  or  PCI-X  slot  to  provide  automated, 
policy-based  management  for  hardware,  operating  systems  and 
applications. 

Funding: 

$7.75  million 

Customers: 

75  deployments,  including  Nerds  on  Site,  ABM  Integrated  Solutions. 

■  BY  JENNIFER  MEARS 

Taking  its  cue  from  the  telecom  industry, 
where  uptime  and  reliability  are  critical,  a 
start-up  says  it  has  the  answer  for  network 
managers  dealing  with  the  costs  and 
headaches  associated  with  managing 
servers. 

After  almost  three  years  in  stealth  mode 
doing  research  and  development,  Sym- 
bium  officially  launched  late  last  month 
with  the  introduction  of  its  Intelligent 
Secure  Autonomic  Controller  (ISAC).  ISAC 
is  a  computer  on  a  card  that  fits  into  a  serv¬ 
er’s  PCI  or  PCI-X  slot  to  provide  automated, 
policy-based  management  for  hardware, 
operating  systems  and  applications. 

Because  ISAC  is  independent  of  hard¬ 
ware,  the  overhead  is  about  1%  to  2%,  com¬ 
pared  with  as  much  as  20%  with  software 
agents,  and  it  can  operate  regardless  of  the 


■  IBM  has  quietly  begun  taking 
orders  for  its  first  ultra-thin  blade 
server  to  be  based  on  Advanced 
Micro  Devices’  Opteron  micro¬ 
processor.  Called  the  AMD  Opteron 
LS20,  the  server  is  based  on  IBM's 
BladeCenter  design  and  will  be  avail¬ 
able  with  a  special  low-power  version 
of  the  Opteron.  The  server,  which  will 
be  the  third  Opteron  product  to  be 
sold  by  IBM,  will  begin  shipping  in 
June,  an  IBM  spokesman  says.  Pricing 
starts  at  $2,259  for  servers  based  on 
the  Model  246  processor  with  1G  byte 
of  memory. 

■  HP  and  Sepaton,  a  virtual  tape 
start-up  company,  are  expected  to 
announce  this  week  at  HP’s  Storage- 
Works  user  conference  an  OEM 
agreement  for  HP  to  market  a  disk- 
based  data  protection  appliance. 
Sepaton’s  S2100-ES  appliance  is  the 
basis  of  HP’s  StorageWorks  6000 
Virtual  Library  System,  which  allows 
customers  to  accelerate  their  back¬ 
up  performance  by  using  disk  rather 
than  tape.  Sepaton's  appliance  has  a 
capacity  of  1  petabyte.  Pricing  infor¬ 
mation  was  not  available. 


state  of  the  server, says  Jay  LitkeySymbium’s 
founder  and  vice  president  of  technology 

ISAC  performs  a  variety  of  tasks,  including 
real-time  fault  recovery  root-cause  analyses, 
unauthorized  software/task  blocking  and 
scheduled  automation  of  preventive  main¬ 
tenance  routines. 

“Today  the  approach  is  people  pile  loads 
of  software  on  a  computer  to  try  to  manage 
it,”  Litkey  says.  “That’s  not  the  way  to  go.  The 
more  software  you  put  on  a  computer,  the 
more  problems  you  could  have.” 

Litkey  says  the  idea  for  ISAC  stems  from 
his  experience  at  Bell  Northern  and  Nortel, 
where  he  worked  on  control-plane  systems 
for  the  telecom  industry  Control  planes  are 
separate  computer  systems  that  fit  into  net¬ 
work  switches  to  monitor,  manage  and  cor¬ 
rect  problems. 

The  telecom  industry  understood  the 
importance  of  having  a  physical  separation 
between  devices  being  managed  and  man¬ 
agement  tools.  “We  saw  that  this  concept 
didn’t  exist  in  the  IT  world,”  Litkey  says. 

Litkey  compares  ISAC  with  a  flight  data 
recorder  and  an  autopilot  for  servers, 
recording  trouble-causing  information  and 
preventing  crashes  whenever  possible. 

When  a  problem  occurs,  ISAC  sends  an 
e-mail  alert  to  system  administrators  and 
takes  system  snapshots  to  ensure  that  the 
root  cause  of  the  problem  is  recorded. 

IT  services  firm  Nerds  On  Site  has  been 


■  BY  JENNIFER  MEARS 

While  Weather  Central’s  newspaper  divi¬ 
sion  has  exploited  Apple’s  advanced  graph¬ 
ics  features  and  manageability  for  years,  it 
has  struggled  to  integrate  the  Mac  environ¬ 
ment  with  Windows. 

The  latest  release  of  Apple’s  Mac  OS  X 
operating  system,  code-named  Tiger, 
should  address  that  concern,  says  Chuck 
Sholdt,  vice  president  of  operations  and  co¬ 
owner  of  the  daily  weather  map  provider  in 
Madison, Wis. 

Mac  OS  X  10.4  officially  launched  late  last 
month  and  includes  more  than  200  new 
features,  including  native  64-bit  support  on 
the  server  and  an  advanced  search  tool, 
called  Spotlight,  on  the  desktop.  Version 
10.4  integrates  more  than  100  open  source 
projects  into  the  Unix-based  server  operat¬ 
ing  system,  including  the  open  source  file 


testing  ISAC  for  a  few  months.  James 
Keenleyside-R.ich ter,  data  center  manager  at 
the  company  in  London,  Ontario,  says  that 
maintenance  time  has  been  slashed  by 
about  half  as  a  result  of  ISAC. 

“ISAC  does  a  lot  of  the  simple  tasks  that 
we  would  have  had  to  go  on-site  for,”  he 
says.“It  allows  us  to  remotely  look  in.” 

In  addition,  ISAC  can  automatically  cor¬ 
rect  problems  such  as  by  rebooting  an 
Exchange  server. 

“Once  you  see  a  problem, you  can  tell  the 
card  to  fix  that  problem  itself  the  next  time 
it  happens,”  Keenleyside-Richter  says. 

ISAC  is  not  intended  to  compete  with  sys¬ 
tem  administration  tools  such  as  HP’s 


and  print  server  Samba,  the  Apache  Web 
server  and  Open  Directory. 

Open  Directory  which  enables  Mac  sys¬ 
tems  to  plug  into  proprietary  directory 
environments  such  as  Microsoft’s  Active 
Directory  is  a  key  feature  for  Sholdt,  who 
has  been  testing  Mac  OS  X  10.4  for  more 
than  a  year  and  likes  what  he  sees. 

Version  10.3,  also  called  Panther,  was  in¬ 
tended  to  make  it  easier  to  integrate  Macs 
with  Windows  and  Linux  environments. 
But  logons  and  permissions  had  to  be 
maintained  separately“So  we  weren’t  really 
a  member  of  the  rest  of  the  network.  With 
Open  Directory  we  can  link  to  our  domain 
server  and  become  full-fledged  members 
of  the  Windows  world,”  Sholdt  says. 

In  addition,  new  access  control  lists  in 
Tiger  give  users  the  ability  to  set  detailed 
permissions  for  files  and  network  services, 
a  capability  that  goes  beyond  traditional 


OpenView  or  IBM’s  Tivoli,  but  rather  could 
complement  them  approaches,  Litkey  says. 
Still,  analysts  say  the  greatest  challenge  for 
Symbium  will  be  explaining  how  its  tech¬ 
nology  fits  in. 

“They’re  really  making  some  very  big 
claims  about  their  ability  to  deliver  levels  of 
service  on  technologies  that  every  major 
player  is  focused  on  right  now?’ says  Charles 
King,  principal  analyst  at  Pund-IT  Research. 

Symbium  ISAC  is  available  for  Windows 
servers  now,  while  a  version  for  Linux  is  slat¬ 
ed  to  be  available  early  next  year.  Support 
for  Solaris  and  VMware  also  is  planned, 
Litkey  says.  ISAC  is  priced  starting  at  $62 
per  month,  per  server.  ■ 


Unix  permissions.  Other  updates  in  Tiger 
include  the  iChat  server,  which  enables 
users  to  set  up  multi-user  chat  environ¬ 
ments  based  on  the  open  source  Jabber 
protocol  and  integration  of  Xgrid,  Apple’s 
clustering  software. 

While  Apple  has  a  solid  product  with 
Tiger, analysts  say  the  challenge  will  be  get¬ 
ting  more  IT  executives  to  take  a  look  at  the 
operating  system. 

Apple  is  barely  a  blip  in  the  operating 
system  market,  lumped  into  the  “other  cat¬ 
egory”  in  a  stagnant  Unix  market  that 
accounted  for  just  11.2%  of  worldwide 
server  operating  environment  software 
shipments  in  2004,  according  to  IDC. 

Mac  OS  X  Server  10.4  costs  roughly  $500 
for  a  10-client  license  and  twice  that  for  an 
unlimited  client  license. The  desktop  oper¬ 
ating  system  starts  at  $129  for  a  single  -user 
license.* 


Apple  OS  gains  Windows  hooks 


mm 

WINDOWS 

Dave 

Kearns 


Running  Microsoft's  R2  up  a  flagpole 

A 


fter  more  than  a  year  of  hype,  rumor 
and  heightened  expectations,  Micro¬ 
soft  finally  has  put  out  a  version  of 
Windows  Server  2003  R2  for  us  to  look  at, 
take  a  test  drive  with  or  rush  into  produc¬ 


tion  because  we  need  its  features  now.  If 
any  of  you  believe  you  need  to  rush  this 
public  beta  onto  your  production  servers, 
the  line  at  the  unemployment  office  is 
forming  to  the  right. 
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I  convinced  my  boss  to  get 
this  big  honkin’  collaboration 
infrastructure  only  a  genius 
like  me  could  ever  use. 
Check  it  out  on  my  blog 
at  vsAvw.frankwillis.com 

-  Frank  Willis 


c Q 


IPSW1TCH" 


Collaboration  Suite 


Ipswitch  Collaboration  Suite,  the  solution  for  small 
and  mid-sized  business  collaboration  that  just  works. 

Use  Microsoft®Outlook®  or  your  browser  to  connect 
to  a  powerful  industry-leading  messaging  server.  Communicate  in  real  time  with  anyone 
in  your  company  using  secure  instant  messaging.  Streamline  group  collaboration  with 
shared  calendars  and  free-busy  meeting  scheduling.  Reduce  junk  e-mail  and  stop 
viruses.  All  this,  and  Ipswitch  Collaboration  Suite  is  easy  to  install,  manage  and  use. 
Play  it  “safe”  like  Frank.  Or  be  smart.  Go  to  www. i pswitch . com  and  find  success 
with  Ipswitch  Collaboration  Suite. 


Smart 


Proven 


Reliable 


60  million 

mailboxes  worldwide 


I  P  S  W  I  T  C  H 


www.ipswitch.com  or  call  800-793-  >25 


©2005  Ipswitch,  Inc.  All  product  names  are  the  property  of  their  respective  owners. 


This  is  a  beta  release.  A  mostly  “feature 
complete”  beta  release,  but  still  beta.  If  you 
want  to  see  what  the  hoopla  is  about,  run 
it  up  on  a  test  server.  Compare  the  new 
features  with  those  available  from  both 
Microsoft  and  third  parties.  Start  thinking 
about  what  you  might  want  to  accomplish 
with  this  “refreshed”  operating  system,  but 
be  sure  not  to  plan  to  roll  it  out  anytime 
this  year  —  it  won’t  be  ready 

Just  as  I  wrote  about  Apple’s  rollout  of 
the  new  Macintosh  operating  system, 
there’s  nothing  in  R2  that’s  not  already 
available  to  you.  R2  might  make  the  fea¬ 
tures  and  technologies  easier  to  use,  to 
integrate  or  to  acquire  (fewer  vendor 
sources  to  juggle)  but  there’s  really  noth¬ 
ing  new.  For  example,  Microsoft  is  touting 
R2  as  being  available  in  x64  versions,  but 
x64  versions  of  Windows  server  2003  have 
been  around  for  a  while.  The  company 
also  is  crowing  that  R2  is  “built  on 
Windows  Server  2003  SP1  for  enhanced 
security”  In  other  words,  if  you  have  Win 
2003  with  SPl,then  you’re  not  getting  any 
additional  security  with  R2. 

There  are  some  features  that  are  desir¬ 
able,  notably  in  the  areas  of  Identity  and 
Access  Management  (IAM)  such  as  feder¬ 
ation  services  across  Active  Directory 
security  boundaries,  single  sign-on  for 
both  Windows  and  Unix  clients,  better  use 
of  Web  services  standards  for  both  enter¬ 
prise  and  Web-based  applications,  and  a 
minimal  set  of  provisioning  services. 

Other  useful  features  include  better 
management  facilities  for  branch 
offices,  remote  users  and  storage  man¬ 
agement.  But  again,  these  are  evolution¬ 
ary  consolidations  of  features  and  tech¬ 
nologies  available  today,  provided  you 
exert  a  little  effort  to  locate,  install  and 
integrate  them. 

R2  does  offer  benefits  to  the  overworked 
Windows  network  manager.  It  should 
enable  you  to  lower  the  total  cost  of  own¬ 
ership  for  your  networks.  But  there’s  no 
need  to  rush  its  implementation  in  a  mis¬ 
guided  attempt  to  save  time  or  money 
That  could  actually  increase  your  costs, 
and  hasten  your  exit. 

Kearns,  a  former  network  administrator,  is 
a  freelance  writer  and  consultant  in  Silicon 
Valley.  He  can  be  reached  at  wired @ 
vquill.com. 


Tip  of  the  Week 


For  those  of  you  without  a 
comprenensive  IAM 
framework,  R2  wil!  be  a  big 
help.  We’ll  cover  those  fea¬ 
tures  in  detail  in  the  Identity 
Management  newsletter 
(www.networkworld.com/ 
newsletter/dir)  over  the 
next  few  months. 


SAP  digs  in  as  Oracle  revs  up 


Holding  steady 

SAP  has  a  comfortable  market  share  lead  over  ERP  rival  Oracle,  but 
now  is  not  the  time  for  the  software  maker  to  rest  on  its  laurels. 

Challenges 

Deliver  incremental  enhancements 
along  multi-year  transition  to  services- 
based  application  model. 

Opportunities 

Continue  to  steadily  grow  North  American 
customer  base. 

Earn  credibility  as  a  platform  vendor. 

Capitalize  on  Oracle’s  post-merger  distractions. 

Strengthen  partner  ecosystem. 

Refine  vertical  industry  expertise. 

■  Microsoft  last  week  extended  its 
reach  in  the  business  intelligence 
market  with  a  private  beta  release  of 
a  server-based  scorecard  application 
intended  to  help  organizations  man¬ 
age  objectives.  The  new  application, 
code-named  Maestro,  builds  on  the 
technologies  released  last  year  in 
Microsoft's  Office  Business  Score- 
card  Accelerator,  the  company  said. 
That  product  is  a  Web-based  applica¬ 
tion  that  lets  users  view  data  from 
disparate  sources  and  create  corpo¬ 
rate  and  departmental  scorecards. 
Maestro  also  offers  a  broad  view  of 
business  data  that  companies  can 
use  to  create  scorecards  for  projects 
and  initiatives,  but  it  is  more  closely 
tied  with  the  Microsoft  Office  System, 
It  lets  users  monitor  business  goals 
with  analysis  tools  and  features  a  col¬ 
laborative  environment  for  sharing 
information.  The  software  vendor 
expects  corporate  performance  man¬ 
agement  to  be  a  growing  market  in 
coming  years,  growing  from  $520  mil¬ 
lion  in  2003  to  $900  million  by  2009,  cit¬ 
ing  figures  from  Gartner. 

■  ScanSoft  last  week  said  it  agreed 
to  buy  speech  recognition  software 
rival  Nuance  Communications  in 
a  stock-and-cash  deal  ScanSoft  val¬ 
ued  at  about  $220  million.  ScanSoft 
will  use  the  acquisition  to  broaden 
its  product  portfolio  and  save  an 
estimated  $20  million  to  $25  million 
annually  through  cost  reductions 
from  combining  the  two  companies, 
ScanSoft  said.  ScanSoft  makes  digi¬ 
tal  document  management  and 
speech  software.  In  speech  recogni¬ 
tion,  its  chief  rival  is  Nuance. 

Gartner  estimated  that  at  the  end  of 
2004  the  two  vendors  together  con¬ 
trolled  77%  of  the  market  for  speech- 
server  systems.  Although  ScanSoft 
is  the  acquiring  company,  it  plans  to 
do  business  under  the  name  Nuance 
when  the  deal  closes,  the  company 
said.  ScanSoft  expects  to  lay  off 
employees  in  connection  with  the 
Nuance  deal.  It  said  it  anticipates 
savings  from  staff  cuts,  office  site 
consolidations  and  elimination  of 
redundant  operating  expenses. 


■  BY  ANN  BEDNARZ 

It’s  become  a  two-horse  race  between 
SAP  and  Oracle  as  the  two  dominant  enter¬ 
prise  application  vendors  vie  for  greater 
share  of  customers’  IT  budgets.  SAP  holds  a 
commanding  lead  over  Oracle  in  terms  of 
market  share,  but  the  latter  is  increasing  its 
efforts  to  narrow  the  gap. 

This  week  at  its  annual  North  American 
user  conference  in  Boston, SAP  is  expected 
to  further  detail  its  progress  migrating  its 
technology  to  a  service-oriented  architec¬ 
ture  —  what  it  has  dubbed  Enterprise  Ser¬ 
vices  Architecture  (ESA). 

SAP  laid  out  its  ESA  blueprint  in  2003  and 
a  year  later  shipped  the  cornerstone, 
NetWeaver.The  NetWeaver  integration  plat¬ 
form  provides  a  means  to  compose  and 
orchestrate  business  processes  that  cross 
traditional  application  silos.  Its  availability 
signaled  SAP’s  effort  to  compete  in  the  tra¬ 
ditional  business  applications  market  and 
in  the  infrastructure  realm. 

SAP  CEO  Henning  Kagermann  will  focus 
his  keynote  address  on  SAP’s  progress  in 
delivering  on  its  ESA  vision,  says  Bill  Wohl, 
vice  president  of  product  and  solutions 
public  relations  at  SAP  That  progress  in¬ 
cludes  migrating  the  majority  of  SAP’s 
applications  to  the  NetWeaver  stack,  as  well 
as  providing  a  demo-services  repository  so 
independent  software  vendors  can  start 
building  their  own  products  on  top  of  500 
common  SAP  services,  Wohl  says. 

In  the  service-oriented  world,  SAP’s 
biggest  asset  is  its  process  expertise  culled 
from  years  of  building  business  applica¬ 
tions,  says  Joshua  Greenbaum,  principal 
with  Enterprise  Applications  Consulting. 
“But  the  processes  are  less  interesting,  less 
remunerative  to  SAP  if  they’re  accessed 
through  someone  else’s  infrastructure,”  he 
says.  “If  they’re  accessed  through  Net- 
Weaver,  then  SAP  is  selling  the  razors  and 
the  razor  blades.” 

SAP  also  is  expected  to  use  its  Sapphire 
event  to  play  up  its  recent  deals  with  IBM 
and  Microsoft  as  the  company  works  to 
strengthen  its  partner  network.  Last  month 
SAP  announced  an  agreement  with  IBM  to 
optimize  Big  Blue’s  DB2  database  for  SAP 
applications.  Days  later,  SAP  and  Microsoft 
announced  their  first  jointly  developed 
product,  code-named  Mendocino,  de¬ 
signed  to  connect  SAP’s  mySAP  business 
applications  with  Microsoft  Office. 

The  Mendocino  announcement  is  a 
good  example  of  how  ESA  would  provide 
the  flexibility  to  build  composite  applica¬ 


tions  that  combine  disparate  resources, 
Wohl  says.“It’s  about  fast,  rapid  fixes  to  busi¬ 
ness  requirements  —  whether  they  come 
from  partners,  SAP  or  customers  —  in  a 
fashion  that  allows  a  quick  response  with¬ 
out  a  lot  of  heavy  integration  work  and 
expense  associated  with  it,”  he  says. 

A  strong  partner  network  is  critical  to  SAP 
gaining  credibility  as  a  platform  vendor, 
analysts  say  “SAP’s  ecosystem  strategy  is 
probably  the  No.  1  thing,  at  this  point,  that 
SAP  has  to  define,  articulate  and  show 
results  for’’  Greenbaum  says.  “NetWeaver 
won’t  realize  its  potential  if  SAP  can’t  build 
these  partnerships.” 

But  at  the  same  time,  SAP  has  to  make 
sure  it  clearly  articulates  what  the  gaps  in 
its  product  strategy  are,  where  partners  are 


■  BY  JOHN  FONTANA 

The  insurance  industry  is  getting  a  jolt  of 
technological  savvy  from  a  company  of 
forward-thinking  brokers  who  have  estab¬ 
lished  the  first-ever  online  auction  site 
focused  on  selling  unwanted  life  insur¬ 
ance  policies. 

Life  Settlement  Insights  late  last  month 
kicked  off  its  new  auction  site  LifeX,  the 
first  online  exchange  in  the  life  insurance 
settlement  industry  The  industry  is  a  niche 
of  the  insurance  market  that  has  grown  to 
a  nearly  $15  billion  business  over  the  past 
few  years. 

Life  insurance  settlement  deals  with  in¬ 
surance  policies  that  are  no  longer  wanted 
by  their  owners,  mostly  because  they  can 
no  longer  pay  the  premiums  that  increase 


going  to  be  able  to  thrive  and  SAP  isn’t 
going  to  try  to  compete.  “That’s  a  tricky 
question,”  Greenbaum  says. 

As  the  Sapphire  user  show  approaches, 
industry  watchers  also  are  tuned  to  the 
escalating  SAP  vs.  Oracle  rivalry  The  two 
are  the  last  remaining  independent  ven¬ 
dors  from  among  the  so-called  JBOPS  — 
J.D.  Edwards,  Baan,  Oracle,  FeopleSoft  and 
SAP  —  that  reigned  supreme  in  the  ERP 
industry  in  the  late  1990s. 

Enterprise  IT  buyers  are  showing  greater 
inclination  to  standardize  on  fewer  soft¬ 
ware  providers,  and  SAP  and  Oracle  are 
prime  candidates  for  wresting  greater 
account  control  at  the  expense  of  smaller, 
more  specialized  vendors,  according  to 

See  SAP,  page  26 


as  policyholders  age. 

Those  policyholders  have  traditionally 
had  two  options:  Stop  paying  premiums 
and  walk  away  empty-handed  or  take  a 
cash  payout  from  the  insurance  company 
usually  a  small  percentage  of  the  policy’s 
value. 

But  now  the  life  settlement  industry 
offers  the  option  of  selling  the  policy  to  the 
highest  bidder,  typically  institutional 
investors. The  buyer  pays  tiie  policyholder 
a  fee, typically  between  15%  and  20%  of  the 
policy’s  value,  takes  over  payment  of  the 
premium  and  then  collects  the  payout 
when  the  policyholder  dies. 

“The  returns  on  these  policies  is  typically 
between  9%  and  12%.  That  is  why  institu¬ 
tional  buyers  like  them,”  says  Jim  Cavoli, 
Sec  Insurance,  page  26 


Brokerage  firm  shaking 
up  insurance  industry 


The  U.S.  Court  of  Appeals  for  the 
District  of  Columbia  Circuit  recently 
tossed  out  the  FCC’s  attempt  to  pro¬ 
vide  a  technical  protection  system  for  the 
movie  industry  The  court  did  not  address 
whether  the  FCC’s  idea  had  merit;  it  ruled 
that  the  FCC  blithely  ignored  Congress¬ 
ional  limits  on  its  authority  when  it  man¬ 
dated  that  “broadcast  flag”  support  be 
included  in  a  range  of  electronic  devices 
starting  this  summer. 

This  is  not  likely  to  be  the  end  of  the  story. 
The  broadcast  flag  is  a  command  inserted 


into  a  movie  or  other  broadcast  that  can  be 
used  to  tell  receiving  devices  to  limit  the 
user’s  ability  to  make  copies  of  the  materi¬ 
al.  In  late  2003,  the  FCC  ordered  that  all 
devices  that  could  be  used  to  receive  digi¬ 
tal  over-the-air  broadcasts  include  logic  to 
recognize  and  obey  the  broadcast  flag 
command  by  July  2005. 

Over-the-air  broadcasts  were  the  first  tar¬ 
get  of  the  broadcast  flag,  but  it  would  take 
someone  of  determined  naivete  not  to 
think  that  the  movie  industry  would  push 
to  have  the  FCC  mandate  the  same  sort  of 
flag  processing  for  cable  TV  and  other 
wired  delivery  methods  if  the  technology 
proved  itself  on  over-the-air  broadcasts. 

I  wrote  about  the  broadcast  flag  when 
the  FCC  first  mandated  it  (see  www.net- 
work  world.com,  DocFinder:  7125).  At  the 
time  I  wrote, “the  FCC's  order  is  not  nearly 


as  bad  as  the  movie  industry  wanted  it  to 
be,  but  it’s  bad  enough  .’’But  the  new  court 
decision  (DocFinder:  7126)  does  not 
address  how  bad  the  idea  is  —  it  just 
addresses  the  legal  standing  of  the 
American  Library  Association  (ALA), 
which  instigated  the  lawsuit,  and  the 
authority  of  the  FCC  to  control  what 
devices  can  do  with  a  transmission  after 
receiving  it. 

The  court  basically  said  the  ALA  had 
standing  because  broadcasters  could  use 
the  flag  to  stop  librarians  from  making 
copies  of  parts  of  broadcasts  that  they  are 
legally  entitled  to  make.The  court  also  said 
the  statutes  that  empower  the  FCC  to  regu¬ 
late  communications  limit  it  to  dealing 
with  transmissions  up  until  the  time  they 
are  received.The  authority  does  not  extend 
to  controlling  what  happens  after  the 


reception.  Because  of  this,  the  court  ruled 
that  the  FCC  exceeded  its  authority  when  it 
ordered  that  manufacturers  support  the 
broadcast  flag.  So  the  FCC  mandate  is 
gone,  at  least  for  now.  The  government 
might  appeal  the  court  decision,  but  it 
looks  like  a  long  shot.  That  doesn’t  mean 
this  type  of  protection  for  old  business 
models  is  dead.There  is  plenty  of  tradition 
behind  getting  Congress  to  protect  those 
too  stupid  to  adjust  to  new  worlds.  The 
chance  that  Congress  will  try  to  do  this 
again  is  close  to  100%. 

Disclaimer:  At  least  parts  of  Harvard  are 
all  about  adjusting  to  new  situations,  but 
the  above  observation  is  my  own. 

Bradner  is  a  consultant  for  Harvard 
University’s  University  Information  Systems. 
He  can  be  reached  at  sob@sobco.com. 
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Protecting  the  past 


I  fc  Oracle  has  a  lot  under  the  hood.  It  has  strong  technol¬ 
ogy  but  it’s  been  handicapped  by  its  merger  and  acquisi¬ 
tion  activity.  U 

Joshua  Greenbaum 

Principal,  Enterprise  Applications  Consulting 


SAP 

continued  from  page  25 

AMR  Research.The  research  firm  estimates 
SAP  will  capture  43%  of  ERP  market  share 
in  2005,  compared  with  Oracle’s  19%. 

SAP  has  a  comfortable  market  share 
lead  over  Oracle  and  likely  isn’t  worrying 
much  about  losing  that  lead,  says  Jim 
Shepherd,  senior  vice  president  at  AMR. 

Oracle  has  a  lot  of  ground  to  make  up 
with  its  enterprise  applications  business, 
agrees  Greenbaum.  Its  strategy  for  the  last 
two  years  has  been  to  buy  PeopleSoft.  And 
even  before  that,  Oracle  didn’t  devote  a 
lot  of  development  or  marketing 
resources  to  its  applications  business,  he 
says.  “Oracle  is  coming  off  three  years  of 
lackluster  attention  and  performance. 
Now  it’s  really  trying  to  rev  up  its  engine, 


Insurance 

continued  from  page  25 

CEO  of  Life  Settlement  Insights.  And  sell¬ 
ers  are  just  as  happy  because  they  receive 
a  higher  payout  than  they  would  typically 
get  from  the  insurance  providers,  he  says, 
The  problem,  however,  is  linking  up  the 
sellers  and  buyers  and  negotiating  the 
deals.  The  process  has  been  manual, 
labor-intensive  and  expensive.  Deals  also 
take  weeks  to  transact  as  brokers  run 
between  buyers  looking  for  the  best  deal. 
But  Life  Settlement  Insights,  which  negoti¬ 
ates  on  the  behalf  of  the  sellers,  is  out  to 
change  all  that  and  trump  its  competition 
in  the  process. 

“Fundamentally,  right  now,  what  we  want 
to  do  is  make  the  negotiation  efficient,” 
Cavoli  says.“We  want  to  take  it  from  three 
to  six  weeks  down  to  30  minutes.” 

I,ast  month,  the  firm’s  first-ever  auction 
•as ted  an  hour,  ran  in  real-time  and 
acluded  bidders  from  five  states.  He  says 
she  bidders  concluded  that  the  process 
ould  be  cut  to  30  minutes. 

‘There  is  no  limit  to  the  number  of  buy¬ 
ers  for  the  online  auction,  whereas  physi- 


but  it’s  missed  out  on  a  lot  of  leadership 
opportunities  already  Greenbaum  says. 

One  of  Oracle’s  longstanding  flaws  has 
been  its  inability  to  unite  its  applications 
and  infrastructure  products  in  a  coher¬ 
ent  way.  “If  Oracle  can  do  that,  it 
can  mount  a  serious  challenge,”  he 
says.“Oracle  has  a  lot  under  the  hood.  It 
has  strong  technology,  but  it’s  been 
handicapped  by  its  merger  and  acquisi¬ 


cal  requirements  limit  what  I  can  do  man¬ 
ually^’ Cavoli  says."  We  are  working  40  to  50 
deals  at  any  given  time,  and  to  do  that 
across  six  to  15  buyers  becomes  an  oner¬ 
ous  task  for  our  staff.  And  the  buyers  get  a 
great  deal  of  benefit  because  if  you  were 
not  at  the  top  of  my  Rolodex,  you  were 
not  getting  a  call  from  me  and  you  were 
not  engaged.” 

Analysts  say  the  ability  to  streamline  the 
process  will  be  key. 

“If  they  can  keep  costs  low  enough  they . 
might  get  enough  volume  to  make  it 
worth  their  while,  but  it  doesn’t  sound  to 
me  like  something  that  is  going  to  take  the 
industry  by  storm,”  says  Matt  Josefowicz, 
manager  of  the  insurance  group  at 
research  firm  Celent. 

Life  Settlement  Insights  went  online  with 
auction  service  provider  HedgeHog,  which 
also  runs  auctions  for  the  hotel  industry 
and  healthcare.  The  company  runs  its  site 
on  Windows  servers  that  support  a  Java 
front  end  for  browser-based  access  and  an 
Oracle  back  end  for  data  storage. 

“It’s  pretty  straightforward  what  we  do,” 
says  Jemin  Patel,  founder  and  CEO  of 
HedgeHog.  Pate!  says  HedgeHog  cus- 


tion  activity” 

Most  recently,  SAP  missed  an  opportu¬ 
nity  to  widen  the  gap  with  Oracle  when 
it  lost  a  bidding  war  for  retail  software 
maker  Retek.  A  battle  for  Retek  ignited 
after  Oracle  bested  SAP’s  initial  $8.50 
per-share  ($496  million)  offer.  After  some 
back  and  forth,  Oracle  eventually  pre¬ 
vailed  with  a  $11.25  per  share  offer. 

While  there’s  little  long-term  damage, 


tomized  its  proprietary  auction  applica¬ 
tion  to  support  LifeX,  including  the  capa¬ 
bility  to  handle  the  large  dollar  amounts 
the  auction  deals  with  and  its  open-for¬ 
ward  auction  format  where  bids  are 
sequentially  increased  until  the  bidding 
tops  out. 

For  the  first  auction,  Life  Settlement  In¬ 
sights  provided  buyers  with  a  few  weeks 
of  preparation  time  to  review  the  policies 
and  run  their  pricing  analysis.  Then  the 
auction  kicked  off. 

“As  the  first  movers,  we  find  a  lot  of  peo¬ 
ple  want  to  come  to  our  brokerage  now 
to  sell  their  policies  because  they  like  the 
idea  of  getting  an  answer  soon,  and  they 
like  the  idea  of  knowing  that  they  are  get¬ 
ting  fair  market  value,  which  is  objectively 
measured  by  the  lack  of  further  bids,” 
Cavoli  says. 

Cavoli  sees  a  day  when  this  technology 
might  be  the  standard  industry  wide,  even 
perhaps  spinning  off  a  separate  company 
that  would  contract  with  any  number  of 
brokerage  firms. 

“This  is  where  we  would  like  to  see  it  go, 
but  right  now  this  is  a  cost-savings  tool  for 
us,”  he  says.  ■ 


losing  Retek  to  Oracle  was  disappointing 
to  SAP  which  now  will  have  to  look  else¬ 
where  for  ready-made  retail  industry 
expertise,  Greenbaum  says. 

Retek  could  have  been  a  market  accel¬ 
erator  for  SAR  Wohl  acknowledges.  But 
even  without  it,  SAP  remains  the  leading 
software  provider  in  the  retail  industry, 
he  says.  “In  the  wake  of  Oracle  overpay¬ 
ing  for  Retek,  we’ve  talked  once  a  week 
about  a  major  win  for  SAP  in  retail”  At 
this  week’s  Sapphire  show,  SAP  is  expect¬ 
ed  to  announce  the  addition  of  another 
major  retailer  to  its  customer  list,  he  says. 

With  respect  to  Oracle, Wohl  downplays 
any  mounting  concerns  at  SAR“Oracle  is 
always  worth  keeping  a  close  eye  on,  but 
they  are  very  distant  in  our  rearview  mir¬ 
ror,”  he  says.  Oracle  will  have  a  lot  of 
work  to  do  to  assimilate  PeopleSoft,  J.D. 
Edwards,  and  Retek,  he  says.  “All  of  this 
bulking  up  has  not  translated  into  a  sig¬ 
nificant  catching  up  on  SAP.” 

Nonetheless,  given  Oracle’s  potential, 
SAP  needs  to  keep  up  its  guard. 

“As  a  market  leader,  SAP  has  to  keep 
reinventing  itself,”  Shepherd  says.  So  far  it 
has  —  successfully  adapting  over  the 
years  to  shifting  mainframe,  client-server, 
Web-based,  and  now  services-oriented 
requirements,  he  says. “SAP  has  shown  a 
remarkable  amount  of  agility  for  a  $9  bil¬ 
lion  company” 

Looking  ahead,  SAP  can  expand  on  its 
vertical  industry  expertise,  which  is  one 
of  the  things  the  company  does  better 
than  anyone  else,  Shepherd  says.  By 
emphasizing  vertical  application  fea¬ 
tures,  SAP  can  raise  the  bar  for  all  the 
other  application  vendors,  he  says. 

SAP  continues  to  enhance  its  industry- 
specific  offerings,  particularly  related  to 
four  key  industries  —  retail,  public  sec¬ 
tor,  banking  and  insurance  —  SAP  iden¬ 
tified  at  the  beginning  of  the  year, 
Wohl  says.  At  Sapphire,  SAP  plans  to 
announce  customer  wins  in  each  of 
these  industries.  SAP  also  will  unveil 
upgrades  to  its  industry-specific  CRM 
products,  he  says.  ■ 


DON’T  LET 
SPYWARE 
SABOTAGE  YO 
ENTERPRISE. 


The  next  threat  is  no  threat  with  Trend  Micro. 

Expose  and  eradicate  spyware  with  Trend  Micro's  Enterprise-class,  multi-level, 
anti-spyware  solutions,  They're  the  only  solutions  that  block  and  clean  at  the  gateway — 
the  most  effective  point  of  control.  Trend  Micro.  #1  global  leader  at  the  gateway  and 
industry  pioneer.  Whether  it's  a  virus,  worm,  spyware,  or  spam,  we've  got  you  covered. 


For  a  FREE  evaluation  and  IDC  whitepaper, 
go  to  www.trendmicro.com/spyware 
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'We  conducted  stringent  testing  and  chose 
the  Microsoft ®  solution  for  its  unified  stack, 
which  saves  time  and  money  on  integration 
and  maintenance.  These  factors  combined 


to  give  the  Microsoft  stack  a  24  percent 
lower  total  cost  of  ownership  compared 
to  other  solutions." 


—  Randy  McCoy,  CTO, 
CheckFree  Corporation 


CheckFree  Corporation  powers  millions  of  financial  transactions  daily  for 
thousands  of  financial  institutions.  As  home  to  one  of  the  world's  largest 
databases,  they  needed  to  reduce  their  cost  per  transaction  while  maintaining 
performance  and  quality.  So  they  conducted  a  stringent  benchmark  test  of 
an  IBM  solution  stack  including  Red  Hat  Linux  9,  IBM  DB2,  and  J2EE  against 
a  Microsoft  solution  featuring  Windows  Server™  2003,  SQL  Server™2000, 
and  the  .NET  Framework.  Because  the  Microsoft  stack  delivered  14%  faster 
transaction  rates  and  24%  better  TCO,  CheckFree  chose  the  Windows®  platform 
for  the  next  generation  of  their  Investment  Services  platform. 

To  get  the  full  case  study,  other  case  studies,  and  other  third-party  findings, 

go  to  microsoft.com/getthefacts 
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of  Microsoft  Corporation  in  the  United  States  and/or  other  countries.  The  names  of  actual  companies  and  products  mentioned  herein  may  be  the  trademarks  of  their  respective  owners. 
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ENTERPRISE  SOFTWARE:  Management  packages 

Network  management  goes  open  source 


■  BY  DENISE  DUBIE 

Despite  vendors’  best  efforts,  the  perception  of  net¬ 
work  and  systems  management  products  is  that 
many  are  high-priced,  require  lengthy  deployment 
cycles,  entail  multiple  integration  efforts  and  necessitate 
time-consuming  customization. 

But  open  source  vendors  and  developers  are  bringing 
a  new  breed  of  products  to  market  that  could  shatter 
that  perception  and  provide  customers  with  inexpen¬ 
sive,  flexible  and  easy-to-integrate  management  tools. 
Freeware  applications  such  as  Multi  Router  Traffic 
Grapher  and  Big  Brother  have  been  around  for  decades 
in  a  majority  of  IT  departments  as  tools  users  turn  to 
when  commercial  products  can’t  deliver,  but  because  of 
scalability  and  support  concerns,  the  applications  rarely 
take  off  in  enterprise-wide  rollouts. 

Today’s  open  source  tools  have  been  commercialized 
by  vendors  such  as  Groundwork,  Hyperic  and  others, 
which  also  provide  customers  with  support  and  mainte¬ 
nance  contracts  that  often  aren’t  part  of  a  freeware  or 
shareware  deployment.  And  while  these  tools  aren’t  free, 
they  don’t  carry  the  $1  million  price  tag  of  a  BMC  Patrol, 
Computer  Associates  Unicenter,  HP  OpenView  or  IBM 
Tivoli  —  and  according  to  early  adopters,  open  source 
management  products  can  offer  atypical  benefits. 

“The  financial  benefits  of  open  source  are  simply  a 
byproduct  of  the  real  gain  it  offers  us.  We  can  control 
our  time  to  market  to  our  customers  using  open  source,” 
says  Andres  Andreu,  technical  director  of  Web  engineer¬ 
ing  and  applications  for  advertising  giant  Ogilvy  & 
Mather  in  New  York. 

Andreu  uses  Hyperic  HQ  to  monitor  Web  servers  and 
Web  services  across  the  firm’s  global  infrastructure.  He 
says  about  three  years  ago  he  went  shopping  for  a 
management  platform  and  didn’t  discover  one  tool  to 
meet  his  needs  —  which  included  monitoring  open 
source  tools  such  as  JBoss,  Apache  and  MySQL. 
Because  the  IT  shop  at  Ogilvy  &  Mather  must  work  as 
quickly  as  its  business  counterparts,  Andreu  says  he 
needed  a  product  that  he  could  quickly  manipulate  to 
meet  his  needs. 

“The  source  code  is  available  and  it  helps  me  write 
plug-ins  to  get  the  level  of  granularity  I  need,”  he  says. 


Hyperic  HQ  is  actually  a  hybrid  product  of  sorts  — 
part  open  source  and  part  proprietary  technologies. 
Hyperic  was  spun  out  of  Covalent,  which  focused  on  the 
security  and  support  needs  of  the  Apache  Web  Server, 
and  Hyperic  took  Covalent  Application  Manager  and 
broadened  its  reach  to  include  the  ability  to  manage  the 
entire  Web  and  open  source  infrastructure  stack, says 
Javier  Soltero,  Hyperic  CEO. 

“Open  source  in  general  is  still  painful  when  it  comes 
to  the  process  of  getting  it  rolled  out,  and  customers  are 
still  in  the  migration  process  so  we  included  both  com¬ 
mercial  and  open  source  technologies,”  Soltero  says.“We 
worked  to  get  our  install  time  down  to  a  minimum.” 

Hyperic  HQ  is  installed  on  a  dedicated  server  and 
comes  with  a  built-in  database.  Customers  deploy  agents 
on  all  managed  machines,  and  the  agents  report  back  to 
the  server  only  when  conditions  have  changed  or  an 
alert  is  necessary  The  software  monitors  various  plat¬ 
forms  ranging  from  Tomcat  to  Citrix  to  Apache  to  Linux 
to  Solaris  to  Windows  to  VMware  and  more. The  software 
delivers  data  and  reports  via  a  Web-based  interface. 

The  difference  between  Hyperic  HQ  and  freeware 
monitoring  applications  such  as  Nagios  (formerly 
NetSaint),  Soltero  says,  is  that  Hyperic  HQ  can  report  on 
upcoming  performance  issues  and  not  only  alert  on 
events  after  the  fact. 

Mark  Douglas,  vice  president  of  engineering  and  oper¬ 
ations  at  online  dating  company  eHarmony  in 
Pasadena,  Calif.,  says  the  “broad  footprint”  of  Hyperic  HQ 
drew  him  to  the  product,  and  the  open  source  aspect 
was  an  added  bonus.  He  uses  the  software  to  monitor 
network  switches,  storage  arrays  and  application  servers. 

“It  gives  us  an  integrated  view  of  the  whole  stack,  hard¬ 
ware  and  software,  including  our  open  source  tools,” 
Douglas  says.“We  aren’t  predominantly  open  source,  but 
it’s  definitely  part  of  the  environment.” 

As  for  the  added  bonus  Douglas  mentions,  he  says 
Hyperic  HQ  not  only  manages  storage  arrays  from  EMC, 
but  also  the  equipment  from  smaller  vendor  3Par. 

“1  am  not  sure  if  it’s  just  a  general  openness  with  the 
software,  but  it  supports  just  about  everything  I  have,  and 
I  can  write  plug-ins  specific  to  my  environment,”  he  says. 

Another  newcomer  to  the  management  market, 
Groundwork  this  year  unveiled  Groundwork  Monitor, 


which  is  an  extension  of  Nagios  open  source  monitor¬ 
ing  application. The  software  runs  on  a  Linux  server  with 
memory  in  disk  and  can  be  used  either  with  or  without 
agents.The  agent  option,  recommended  by  the  vendor, 
essentially  uses  a  Perl  script  that  runs  on  managed 
devices,  and  extracts  management  information  from  the 
device’s  Management  Information  Base  to  send  to  the 
central  server.  Customers  also  have  the  option  to  write 
plug-ins  specific  to  their  environment  to  further  broaden 
the  software’s  monitoring  capabilities. 

Despite  the  optimism  of  early  adopters,  open  source  in 
the  management  realm  is  still  quite  immature.  As  with 
most  technologies,  adequate  management  technologies 
follow  mainstream  adoption  and  always  need  to  play  a 
bit  of  catch  up. 

“Network  and  systems  management  tools  are  one  of 
the  least  mature  areas  of  open  source,”  says  Michael 
Goulde,  a  senior  analyst  at  Forrester  Research.“A  few 
companies  have  taken  open  source  tools,  such  as 
Nagios,  and  built  on  those  capabilities,  but  the  Holy 
Grail  in  management  is  still  end-to-end  application  man¬ 
agement  across  the  client  to  back-end  servers.  And  the 
technology  isn’t  there  yet  —  in  the  commercial  or  open 
source  world.” 

EHarmony ’s  Douglas  would  like  to  see  more  advanced 
reporting  in  Hyperic’s  software,  and  Lamonica  would 
like  Groundwork  to  develop  hooks  from  its  Monitor  soft¬ 
ware  into  network  and  physical  security  devices  across 
his  company’s  multiple  construction  sites. 

“The  tool  gives  a  good  picture  of  the  average  statistics, 
but  we  need  to  also  be  aware  of  the  extremes  and  get 
granular  high-low  reporting,”  Douglas  says. 

Lamonica  adds, “It  would  be  ideal  to  have  this  tap  into 
[intrusion-detection]  systems  and  see  all  security  and 
network  events  in  one  console.” 

While  early  adopters  can  extend  the  code  for  many 
purposes,  they  say  the  vendors  need  to  continue 
development,  as  well.  One  plus  of  open  source  —  the 
availability  of  the  source  code  —  could  represent  a 
double-edged  sword  of  sorts  to  inexperienced  net¬ 
work  managers. 

“The  benefit  of  extending  that  source  code  could  be 
lost  if  someone  doesn’t  have  the  skills  to  do  it,” 

Goulde  says.  ■ 


Open  management 

Both  commercial  products  and  shareware  apply  the  easy-to-install  and  integrate  values  of  open  source  to  network  and  systems  mangement  tools. 


Company 

Product 

What  it  does 

Price 

Groundwork  Open 
Source  Solutions 

Groundwork  Monitor 

Queries  applications,  network  equipment,  servers  and  other  components 
to  identify  availability  and  performance. 

Turnkey  package,  $40,000;  subscription  model, 
$10,000  per  year. 

Hyperic 

Hyperic  HQ 

Auto-discovers  all  the  hardware,  software  and  services  deployed  in  an 
infrastructure,  populates  a  built-in  database  and  delivers  alerts  through 
a  Web-based  portal. 

$65  per  month,  or  $780  per  year. 

Nagios 

Nagios  2.0b3  (formerly  NetSaint) 

Runs  intermittent  checks  on  hosts  and  services  using  external  plug-ins. 

Licensed  under  the  terms  of  the  GNU  General 

Public  License  Version. 

Multi  Router  Traffic 
Grapher  or  MRTG 

MRTG  2.11.1 

Monitors  traffic  load  on  network  links,  generates  HTML  pages  containing 
Gif  images,  which  provide  a  live  visual  representation  of  the  traffic. 

Freely  available  under  the  terms  of  the  GNU 
General  Public  License. 

■  WIRELESS  ■  REGULATORY  AFFAIRS  ■  CARRIER  INFRASTRUCTURE 


Fiberlink,  Skype  team  to  offer  VoIP 


■  BY  DENISE  PAPPALARDO 

Fiberlink  has  inked  deals  with  firms  to 
offer  its  customers  VoiP3G  wireless  and  anti¬ 
spyware  options  when  traveling  worldwide. 

Fiberlink  offers  remote  access  services 
and  client  software  to  businesses.The  com¬ 
pany  is  teaming  with  Skype  and  Webroot 
Software  to  offer  new  applications,  access 
and  security  options. 

For  the  first  time  Skype,  which  is  best 
known  as  a  peer-to-peer  VoIP  service 
provider  for  consumers,  is  teaming  with  a 
service  provider  that  squarely  focuses  on 
enterprise  users. 

“This  is  a  fairly  significant  announcement 
showing  Skype  is  trying  to  get  legitimate 
within  the  business  world,”  says  Michael 
Disabato,  service  director  for  network  and 
telecom  strategies  at  Burton  Group. 

Skype,  which  claims  38.2  million  users, 
seems  to  be  listening  to  analysts  who  say 
that  lack  of  security  and  corporate  billing 
options  will  prevent  more  companies 
from  signing  on  to  the  service,  despite 
cost  savings. 

According  to  a  March  report  from 
Gartner,  users  who  travel  nine  months  per 
year  could  save  more  than  $14,000  annual¬ 
ly  by  using  Skype’s  service,  which  is  free 
when  calling  another  Skype  user.  The  sav¬ 
ings  result  from  eliminating  per-minute  ser¬ 
vice  rates  for  calls  from  overseas  to  the  U.S., 
which  typically  are  around  $2,  according  to 


■  Sprint  has  agreed  to  work  with 
Intel  to  help  get  a  mobile  form  of 
WiMAX  off  the  ground,  signaling  the 
mobile  operator's  interest  in  the  tech¬ 
nology  for  potential  high-speed  wire¬ 
less  services.  The  deal  calls  for  collab¬ 
oration  on  the  development  of  tech¬ 
nology  based  on  the  emerging  IEEE 
802. 16e  specification.  That  standard, 
which  is  not  expected  to  appear  in 
generally  available  products  until  2007 
or  2008,  is  designed  for  WiMAX  ser¬ 
vices  that  customers  can  use  while  on 
the  move.  The  companies  will  work 
together  on  product  specifications, 
interoperability  tests  and  equipment 
trials,  according  to  a  joint  statement. 


Gartner.  But  users  should  keep  in  mind  if 
they  make  calls  from  their  Skype  client  to  a 
traditional  phone,  they  will  not  see  the 
same  cost  savings  because  users  have  to 
pay  a  per-minute  rate  for  off-net  calls. 

But  in  the  same  report  Gartner  says, 
“Skype  needs  to  improve  its  support  struc¬ 
ture,  which  does  not  match  corporate 
expectations.”  And  that  might  be  one  rea¬ 
son  it  is  teaming  with  Fiberlink. 

Fiberlink  customers  now  will  be  able  to 
make  VoIP  calls  over  the  Internet  using  the 
service  provider’s  secure  client  Extend360. 
Fiberlink  customers  will  be  able  to  make 
off-net  calls  and  not  worry  about  making 
PayPal  payments  for  each  call,  which  is  the 
only  way  that  Skype  accepts  payments 
today  Instead,  Fiberlink  is  offering  corpo¬ 
rate  monthly  billing  for  all  off-net  calls. 

Extend360  customers  are  making  calls 
behind  a  personal  firewall  running  on  their 
PCs,  which  offers  additional  security 

Using  that  client,  IT  managers  should  be 
able  to  set  policies  that  limit  the  number  of 
off-net  calls  a  user  can  make  per  month, 


Disabato  says. 

“Teaming  with  a  provider  that  business 
users  trust  and  have  a  relationship  with 
already  is  a  big  step  for  us,”  says  Kelly 
Larabee,  a  spokeswoman  for  Skype.  “Secu¬ 
rity  is  one  of  our  favorite  things  about 
Fiberlink.” 

While  Skype  wouldn’t  say  if  it  plans  to 
team  with  other  service  providers,  Larabee 
did  say  the  company  is  “looking  to  partner 
with  world-class  companies  across  a  broad 
range  of  industries.” 

In  addition  to  coupling  easy-to-use,  low- 
cost  VoIP  services  with  its  client,  Fiberlink 
also  is  offering  wireless  3G  data  options. 
The  carrier  is  teaming  with  an  unnamed 
service  provider  to  offer  Evolution  Data 
Optimized  (EV-DO)  high-speed  wireless 
data  services  to  its  customers.  Fiberlink 
says  it  expects  to  name  the  service 
provider  at  a  later  date. 

Disabato  says  it’s  likely  that  Fiberlink  is 
teaming  with  Verizon  Wireless  because  it 
has  the  most  robust  EV-DO  deployment  so 
far.  But  he  points  out  that  the  service 


provider  also  could  be  Sprint,  which  uses 
Fiberlink’s  client  for  its  remote  access  ser¬ 
vice  offering. 

EV-DO  is  a  wireless  data  technology  that 
supports  average  transmission  speeds  of 
about  300K  to  500K  bit/sec.The  technology 
maxes  out  at  about  2.4M  bit/sec. 

Fiberlink  is  offering  EV-DO  access  as  part 
of  a  bundle.  Customers  can  get  unlimited 
EV-DO,  Wi-Fi,  hotel  broadband  and  dial-up 
services  for  $100  per  month,  per  user,  says 
Bill  Wagner,  chief  marketing  officer. 

Fiberlink  is  teaming  with  anti-spyware 
vendor  Webroot  Software.  The  service 
provider  is  integrating  the  Webroot  software 
with  its  client  so  users  can  easily  and  regu¬ 
larly  update  their  anti-spyware  software. 

The  integration  will  allow  network  man¬ 
agers  to  monitor  how  often  users  have 
updated  their  Webroot  software  and  build 
policies  around  that.  A  network  manager 
could  have  a  policy  that  says  if  a  user  has 
not  updated  his  anti-spyware  software  in 
six  months,  he  is  not  permitted  to  access 
the  VPN.  ■ 


MPLS  makes  a  lot  of  sense . . .  some  of  the  time 


EYE  ON  THE 
CARRIERS 

Johna  Till 
Johnson 


I’ve  heard  from  several  telecom  man¬ 
agers  who  are  assessing  Multi-protocol 
Label  Switching-based  services  for  their 
WANs.  Given  the  growing  momentum 
behind  the  technology,  it  makes  sense  to 
ask  whether  MPLS-based  services  are  right 
for  your  organization. 

First  off,  MPLS  is  a  technology,  not  a  ser¬ 
vice.  Most  carriers  run  MPLS  underneath  a 
wide  range  of  services,  including  frame 
relay  wide-area  Ethernet,  native  IP  and 
ATM.  The  advantages  accrue  primarily  to 
the  carrier.  User  benefits  include  lower  cost 
in  most  cases,  greater  control  over  net¬ 
works,  and  more  detailed  QoS.  In  fact,  QoS 
is  the  primary  reason  IT  executives  opt  for 
MPLS  —  in  a  recent  Nemertes  benchmark, 
62%  of  organizations  told  us  they’re  using 
MPLS  today  or  plan  to  deploy  it,  with  55% 
listing  QoS  as  the  main  reason. 


MPLS-based  services  are  a  good  fit  in  the 
following  scenarios: 

•  Your  company  has  a  lot  of  any-to-any 
traffic.  Any-to-any  traffic  requires  N-squared 
number  of  connections  —  an  expensive 
proposition  in  network  technologies  that 
charge  by  the  circuit,  such  as  frame  or 
ATM.  Most  companies  don’t  have  a  lot  of 
any-to-any  traffic,  unless  they’re  engaged  in 
a  convergence  project.  The  majority  of 
today’s  applications  tend  to  be  client/ 
server,  which  generate  hub-and-spoke  traf¬ 
fic  patterns.  For  these,  switching  to  MPLS 
doesn't  buy  much:  Firms  report  around 
10%  cost  savings  as  compared  with  legacy 
frame  or  ATM.  But  the  scenario  changes 
dramatically  when  MPLS  is  used  to  con¬ 
verge  voice  and  video  —  or  with  next-gen¬ 
eration  software  architectures. 

•You’re  planning  a  convergence  project. 
Most  firms  see  immediate  savings  —  25% 
or  more  —  when  they  begin  combining 
voice  and  video  traffic  over  the  MPLS  WAN. 
Video  often  is  carried  over  ISDN  circuits 
that  are  expensive. Consolidating  this  traffic 
onto  a  data  network  can  eliminate  the 
need  for  an  ISDN  network,  generating 
immediate  savings.  Also,  both  video  and 
voice  tend  to  have  any-to-any  traffic  pat¬ 
terns,  unlike  legacy  data  apps  —  so  the 


any-to-any  cost  savings  begin  to  kick  in. 

•  You’re  planning  to  deploy  next-genera¬ 
tion  computing  infrastructure  such  as  Web 
services,  peer-to-peer  or  grid  computing. 
Web  services  and  peer-to-peer  generate 
any-to-any  traffic  patterns:  grid  computing 
does  the  same,  and  often  requires  QoS 
capability  In  fact,  for  some  financial  ser¬ 
vices  firms,  grid  computing  is  the  primary’ 
driver  behind  MPLS. 

If  any  of  these  scenarios  applyyou’ll  want 
to  look  into  MPLS-based  services.  But 
please  don’t  jump  on  the  bandwagon  just 
because  MPLS  is  “the  next  big  thing” — you 
should  sort  out  what  MPLS  can  and  can’t 
do  for  you  before  taking  the  piunge. 

Want  to  learn  more?  Check  out  MPLSCon 
in  New  York  this  week.You  li  see  real-world 
examples  of  MPLS  deployments  from  the 
U.S.  Department  of  Agriculture,  the  state 
of  Illinois  and  others.  (Full  disclosure: 
Both  yours  truly  and  my  co-columnist 
Scott  Bradner  will  be  keynoting.)  For  more 
information,  check  out  www.network- 
world.com,  DocFinder:  7128. 

Johnson  is  president  arid  chief  research 
officer  at  Nemertes  Research ,  an  indepen¬ 
dent  technology  research  firm  She  can  be 
reached  at  johna@nemertes.com. 


High  Availability  & 
Reliability 

•  Resilient  switching  and  routing  foundation 

•  Global  load  balancing  for  multi-site 
scalability  and  survivability 

•  Link  aggregation 

•  Rapid  and  stateful  session  failover 

•  RSTP,  VRRP  for  switch  and  router 
redundancy 

•  Redundant  power  supplies 


Flexibility  &  1 

MANAGEABILITY 

•  In-line,  one-ARM  and  Direct  Server 
Return  modes 

•  Web,  SNMP,  INM  and  Cisco-like  CLI 


SUPERIOR  PERFORMANCE 

•  Up  to  1 40,000  L4  connections/sec 

•  Application  throughput  from  2  to  1 2  Gbps 

•  Wire-speed  Layer  2/3  forwarding 

•  Scalable  processor  performance 

Scalability  & 

EXPANDABILITY 

•  Port  expansion  to: 

•  48  Gigabit  Ethernet 

•  48  10/100  Mbps  Ethernet 

•  4  1 0-Gigabit  Ethernet 


SECURITY 

•  DoS  protection  up  to  4  million  SYN/sec 

•  Wire-speed  ACLs 

•  Application  rate  limiting 

•  Secure  device  management 

•  sFlow  traffic  monitoring 


I  RICH  FEATURES 


•  Intelligent  content  switching  using 
URL,  HTTP,  XML,  cookies,  SSL 
ID  and  others 

•  IP  NAT 

•  RIPv2,  OSPF  routing 


M  I  IN 
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Uptime,  scalability,  performance 
and  security  are  the  watchwords 
for  your  network.The  Serverlron® 
application  switch  is  designed  for 
this  environment.  Its  advanced 
switch-based  architecture 
features  a  scalable  content 
switching  engine  with  hardware- 
based  DoS  protection  delivering 
the  industry’s  most  powerful 
and  secure  application 
switching  solution. 


PC  Appliances  Cannot  Match  the 

fewer  awl  Flexibility  of  the  Sdft/a/J/utt 


SERVER  I  RON  PC  APPLIANCES 


PERFORMANCE  UPGRADEAB  ILITY 

X 

IN-SERVICE  PORT  EXPANDABILITY 

.  .  . . . 

X 

1D-BE  SUPPORT,  >  1  □  GPBS  THROUGHPUT 

X 

HIGH-DENSITY  DIRECT  SERVER  FAN-DUT 

X 

HARDWARE-BASED  CONNECTION 

MANAGEMENT  AND  DDS  PROTECTION 

X 

WIRE-SPEED  L2/L3  FORWARDING  AND  ACLS 

X 

The  SERVERlRDN 
Family  df  Products 
Also  Includes: 


Server  I  rqn  450  and  B50 


SERVERlRDNXL 


FOUNDRY 

NETWORKS 

The  Power  of  Performance 1 

Foundry  Networks,  Inc.  is  a  leading  provider  ofhigh-performance  Enterprise  and  Service  Provider  switching,  routing  andWeb  traffic  management  solutions 
including  Layer  2/3  LAN  switches,  Layer  3  Backbone  switches,  Layer  4-7  Web  switches,  wireless  LAN  and  access  points,  access  routers  and  Metro  routers. 

. . . . J 


FOR  MORE  INFORMATION  PLEASE  CALL:  US/CANADA  1  SBB  TURBOLAN, 
INTERNATIONAL  +1  408,586.1  700  OR  VISIT  OUR  WEBSITE  AT  WWW.  FOU  NDR  YNET.  C  OM  /  SIE 


IPv6  addresses  demand  for  space 


HOW  IT  WORKS 


Dissecting  the  differences:  IPv6  vs.  IPv4 

An  IPv6  address  has  more  order  to  It  than  an  IPv4 
address.  Each  type  of  address  is  typically  associated 
with  a  Classless  Inter-Domain  Routing  (CIDR)  block 
that  specifies  network  and  host  portions  of  the 
address.  But  the  IPv6  address  also  has  an  interface 
portion  that  IPv4  addresses  don’t  have. 


For  example,  take  these  two  addresses.  Let's  say  the  addresses  come  from  the  CIDR  blocks 
4.15.19.0/24  and  3ffe:501:185b::/48,  respectively. 


IPv4:  4.15.19.12 


The  network  portion  is  defined  here. 


The  host  portion  is  defined  here. 


IPv6:  3ffe:501 :1 85b :  1 :  2e0:1 8ff:fea8:1 6f5 


The  interface  portion  is  defined  here. 


■  BY  KARL  SIIL 

IP  address  space  is  becoming  scarce 
under  IPv4,  the  main  Internet  communica¬ 
tions  protocol.  Growing  demand  for 
Internet-enabled  devices  requires  more 
space  for  growth.  Wireless  carriers  would 
like  to  tie  a  unique  IP  address  to  every 
phone,  pager  and  PDA,  and  household 
appliance  makers  are  experimenting  with 
smart  connected  devices  such  as  refrigera¬ 
tors  and  washing  machines. 

IPv6  offers  an  enhanced  addressing 
scheme  that  leaves  room  for  growth.  IPv6 
has  been  around  since  the  early  1990s, 
but  the  lack  of  a  killer  application  has 
slowed  its  acceptance  in  the  commercial 
world.  Recent  events  indicate  IPv6  might 
take  off  soon. 

Late  2004  saw  the  activation  of  Cernet2 
—  the  next-generation  Internet  in  China 
and  the  largest  IPv6  network  in  the  world. 
The  U.S.  government’s  deadline  for  its  IPv6 
rollout  and  compliance  is  February  2008. 
Businesses,  especially  those  with  Asia- 
Pacific  or  U.S.  government  interests,  might 
find  themselves  pulled  into  IPv6  by  the 
need  to  connect  to  their  colleagues. 


Got  great  ideas 


■  Network  World  is  looking  for  great 
ideas  for  future  Tech  Updates.  If  you 
want  to  contribute  a  primer  on  a  spe¬ 
cific  technology,  standard  or  protocol, 
contact  Amy  Schurr,  senior  managing 
editor,  features  (aschurr@nww.com). 


IPv6  is  a  direct  plug-and-play  replace 
ment  for  IPv4.  All  major  operating  system 
and  network  hardware  vendors  support 
IPv6,  and  ISPs  are  starting  to  offer  IPv6  con¬ 
nectivity  The  only  thing  remaining  that 
holds  back  IPv6  deployment  is  the  massive 
effort  required  for  corporations  to  re¬ 
address  millions  of  computers,  routers  and 
other  Internet  devices.  But  this  effort  is 
slowly  starting  to  gain  momentum. 

The  basic  IPv6  header  is  far  simpler  than 
the  IPv4  header.  Each  header  contains 
source  and  destination  addresses  for  pack¬ 
et,  payload  length,  hop  limit  (equivalent  to 
the  IPv4  Time  To  Live  field)  and  a  field  indi¬ 
cating  the  protocol  encapsulated  in  the 
packet,  such  as  TCP  or  User  Datagram 
Protocol  (UDP). 

Significant  differences  arise  in  the  size  of 
the  address  space  and  its  layout.  An  IPv6 
address  has  four  times  as  many  bits  as  an 
IPv4  address  —  128  vs.  32. To  simplify  using 
IPv6  addresses,  the  dot-separated  eight-bit 
decimal  fields  of  IPv4  are  replaced  with 
colon-separated  16-bit  hexadecimal  fields, 
such  as  3ffe:50 1 : 1 85b:  1 :2e0: 1 8ff :fea8: 1 6f5. 

IPv4  addresses  are  assigned  by  Regional 
Internet  Registries  (RIRs)  worldwide,  such 
as  the  American  Registry  for  Internet 
Numbers  (ARIN)  in  the  Western  Hemi¬ 
sphere,  using  Classless  Inter-Domain 
Routing  (CIDR)  blocks,  such  as 
134.151.0.0/16.  CIDR  block  assignments 
range  from  hundreds  to  millions  of 
addresses  per  block,  and  the  numbering  of 
the  blocks  has  little  relation  to  the  world¬ 
wide  address  structure. 

IPv6  addresses,  also  assigned  by  RIRs,  are 
more  structured.  Various  addressing 
schemes  are  defined  and  identified  by  the 
high-order  bits  of  the  address  block.  The 


most  popular  scheme  splits  addresses  in 
half  —  64  bits  for  the  network  and  64  bits 
for  each  device.  The  high-order  64  bits  are 
composed  of  32  bits  for  the  RIR,  such  as 
ARIN;  16  bits  for  the  local  Internet  registry 
or  ISP;  and  16  bits  for  the  site  to  which  the 
address  belongs.  Each  site,  reminiscent  of 
what  was  once  called  a  Class-B  address 
block,  allows  for  up  to  65,536  devices. 

The  low-order  64  bits  of  a  given  address 
are  used  for  the  interface  identifier, such  as 
a  specific  interface  on  a  device.  In  the 
above  example,  3ffe:501 :185b:  1  represents 
the  specific  device  and  2e0:18ff:fea8:16f5 
represents  an  interface  on  that  device. 

Migration  to  IPv6  requires  the  systematic 
renumbering  of  all  of  a  corporation’s  IP 


addresses,  ideally  first  in  small  well-struc¬ 
tured  pilot  projects  to  understand  how  best 
to  use  the  address  space.This  would  be  fol¬ 
lowed  by  renumbering  of  particular  loca¬ 
tions  or  business  units  with  IPv4/lPv6  map¬ 
ping  devices  on  the  boundaries.  Eventually, 
as  the  entire  industry  migrates,  these  map¬ 
ping  devices  can  be  removed  from  internal 
boundaries  When  there’s  enough  of  an 
IPv6  Internet  to  connect,  for  example,  to  all 
of  the  given  corporations  customers,  and 
vendors  are  also  accessible  via  IPv6,  the 
external  mapping  devices  could  be 
removed,  as  well. 

Siil  is  chief  architect  of  Lumeta.  He  can  be 
reached  at  karl@lumeta.com. 


Ask 


Dr.  Internet 


By  Steve  Blass 


I've  seen  private  virtual  LANs  described  as  a  way 
to  isolate  DMZ  servers  from  each  other  by  re¬ 
stricting  traffic  between  switch  ports.  Cisco's  pri¬ 
vate  virtual  (PVLAN)  let  ports  be  promiscuous, 
isolated  or  members  of  a  community. 
Promiscuous  ports  talk  to  any  ports,  isolated 
ports  talk  only  to  promiscuous  ports,  and  com¬ 
munity  members  talk  to  promiscuous  ports  or 
other  community  members.  If  in  our  LAN  environ¬ 
ment  we  placed  printers  and  servers  on  promis¬ 
cuous  ports  and  workstations  on  isolated  ports, 


could  we  reduce  the  risk  of  compromised  PCs 
spreading  worms  and  malware? 

Limiting  LAN  workstations  to  server-only  con¬ 
nections  through  PVLAN  switch  configuration 
settings  could  reduce  risks.  Trunking  protocol 
settings  and  device  routing  rules  can  override 
PVLAN  switch  restrictions,  so  you  will  need  to 
provide  virtual  LAN  (VLAN)  access  control  lists 
that  block  intra-workstation  traffic  along  with 
the  PVLAN  port  assignments.  Restrict  the  range 


of  media  access  control  addresses  allowed  to 
connect  to  each  switch  port.  For  even  more 
security,  collect  unused  ports  in  a  VLAN  with 
no  Layer  3  access  permissions.  PVLAN  imple¬ 
mentations  that  can  operate  in  IEEE  802.1  q 
VLAN  environments  are  available  from  Cisco 
and  others. 


Blass  is  a  network  architect  at  Change@\Vork  in 
Houston.  He  can  be  reached  at  dr.int.emet@change 
atwork.com. 
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GEARHEAD 
INSIDE  THE 
NETWORK 
MACHINE 

Mark 

Gibbs 


After  many  years  of  being  a  Windows- 
only  shop  we  finally  acquired  a 
Macintosh:  to  be  precise,  a  Power 
Mac  G5  with  dual  2-GHz  PowerPC  proces¬ 
sors  and  1.5G  bytes  of  RAM  running  Mac 
OS  X  Tiger  and  iLife  ’05.  Wow.  We  can  see 
there's  a  real  danger  of  becoming  a  Mac 
zealot.The  system  is  amazingly  fast,  beau¬ 
tifully  engineered  and  gorgeous  to  look  at. 

What  wed  like  to  know  from  all  of  you 
Mac  addicts  is  what  cool  tools  should  we 
run?  We ’re  interested  in  IT  software  and 
the  stuff  that’s  just  plain  fun. 

Anyway,  back  to  the  world  of  Windows: 
How  often  do  you  need  to  transfer  data 
displayed  by  a  program  to  create  a  to-do 
or  a  contact  item  in  Outlook  or  on  your 
PDA?  For  example, you  might  go  to  a  trav¬ 
el  site,  book  a  flight  and  then  want  to  cre¬ 
ate  an  appointment  in  your  Outlook  cal¬ 
endar. 

Sure,  you  can  select  the  data,  copy  it  to 
the  clipboard,  open  a  new  appointment 
item,  paste  the  data,  and  then  set  the  date 


We  get  a  Mac,  find  a  tool  and  see  a  city 


and  time  fields  accordingly  But  given  that 
all  or  most  of  the  data  needed  to  make 
the  appointment  is  already  there,  doesn’t 
this  seem  like  a  golden  opportunity  for 
automation? 

For  ages  we’ve  wanted  a  tool  that  would 
solve  this  problem  and  we  have  finally 
found  one  that  does  the  job.  Anagram  by 
Textual  (http://getanagram.com)  parses 
data  from  selected  applications  to  gener¬ 
ate  contact  items,  appointments,  notes 
and  to-do  list  entries. 

Installation  is  trivial. The  most  challeng¬ 
ing  part  is  deciding  where  to  install  the 
program  and  whether  you  want  Anagram 
to  integrate  with  Outlook,  Palm  Desktop 
(including  specific  support  for  Iambic’s 
Agendus)  or  Salesforce.com. 

To  create  an  item  in  the  target  applica¬ 
tion,  you  use  the  mouse  or  cursor  keys  to 
select  text  and  then  use  the  hot  key  —  by 
default  this  is  Control-C  quickly  entered 
twice.  Anagram  will  then  parse  the 
selected  data  using  rules  the  company 
describes  as  artificial  intelligence  to 
determine  what  kind  of  item  to  make. 

If  you  don’t  want  the  data  saved  as  the 
type  of  item  that  Anagram  assumes  it  to 
be  press  Alt-Tab,  and  a  dialog  box  will 
appear  that  lets  you  select  an  alternative 
type. 


On  the  whole,  Anagram  works  well 
although  you  should  be  careful  not  to 
include  text  that  might  be  confusing.  For 
example,  Network  World's  address  at  the 
top  of  www.networkworld.com/contact/ 
default.html  confuses  Anagram,  which 
correctly  creates  an  Outlook  contact 
item  but  sets  the  Full  Name  field  to 
“Local.” 

In  fact,  if  you  install  Anagram,  go  to 
Textual’s  own  contact  page  (DocFinder: 
7130), select  its  address, “Postal  Address: 
I  Textual  I  PO  Box  391215  I  Cambridge, 
MA  02139”  (the  bars  stand  for  line 
breaks)  and  try  to  make  a  contact  from 
it,  the  company’s  name  is  assumed  to  be 
“Postal.”  “Address”  is  ignored  and 
“Textual”  is  taken  as  the  first  line  of  the 
address. 

We  asked  the  publisher  “Wazzup?”  and 
they  told  us  that  they  keep  adding  refine¬ 
ments  to  improve  Anagram’s  parsing  abil¬ 
ities.  The  fact  is  that  despite  the  occa¬ 
sional  goof,  Anagram  is  worth  every 
penny  of  its  $19.95  price  tag.  Want  to  use 
it  at  home  or  on  your  laptop,  as  well?  That 
will  be  an  extra  $6.95,  as  will  simultane¬ 
ous  support  for  Outlook  and  Palm 
Desktop.  Textual’s  pricing  for  Salesforce 
integration  is  a  different  model:  $6.95  per 
month. 


VisitorVille 

Our  final  soupcon  for  this  week  is  a  tool 
for  visualizing  your  Web  traffic  called 
VisitorVille  from  World  Market  Watch 
(www.visitorville.com). 

VisitorVille  runs  under  Windows  and 
shows  live  data  from  instrumented  Web 
pages  that  are  monitored  by  the  VisitorVille 
hosted  service  or  historical  data  from  the 
log  of  the  monitored  Web  server. 

VisitorVille  displays  a  “SimCity”-like  city 
complete  with  people  and  vehicles.  Web 
pages  are  buildings  and  masses  of  visitors 
coming  from  the  big  search  engines  are 
shown  as  buses  that  drop  off  visitors.Taxis, 
fire  trucks,  armored  cars  or  police  cars 
transport  visitors  between  buildings,  and 
you  can  choose  a  specific  vehicle  type  to 
take  visitors  to  a  given  building. 

This  is  a  remarkable  achievement  in 
presenting  data,  although  how  effective 
VisitorVille  is  in  portraying  site  activity 
over  the  long  term  as  compared  to  other, 
more  conventional  Web  metrics  tools  is 
hard  to  say.  Check  it  out  and  let  us  know 
what  you  think. 

Opinions  to  gearhead@gibbs.com 
and  get  your  fill  of  Gearheadedness  at 
(www.  networkworld.  com/weblogs/ 
gearblog). 


Cool  Digging  for  cool  at  Interop 


Quick  takes 
on  high-tech  toys 

By  Keith  Shaw 


Now  that  we’ve  had  some  time  to  dig  through  our  notes, 
I  actually  did  discover  some  very  cool  products  at  Interop 
2005  in  Las  Vegas.  It’s  not  always  about  the  latest  giant 
switch. . . . 

Helium  Networks  was  located  about  as  far 
away  from  the  entrance  as  possible,  tucked  in 
the  wireless  company  zone.  Helium  was  show¬ 
ing  its  Wireless  Recon  system,  a  hardware 
and  software  combination  that  lets  net¬ 
work  managers  conduct  site  surveys  or 
audit  802.1  lb/g/a  networks  in  less  time  than  it 

The  SiteScout  cart  takes  WLAN  measurements  as 
you  wheel  it  around. 


would  take  using  traditional  survey 
methods.  SiteScout  also  let  administra¬ 
tors  collect  real-time  and  precise 
location  wireless  measurements  for 
ongoing  maintenance. 

The  system  includes  a  laptop  with 
the  company’s  SiteSense  software  sit¬ 
ting  on  the  SiteScout  hardware.  The 
wheels  of  SiteScout  measure  distance  and 
direction  as  the  Wi-Fi  card  inside  the  laptop  measures  sig¬ 
nal  strength  from  all  access  points  within  range  of  the  note¬ 
book.  The  location  and  signal-strength  data  is  then  com¬ 


piled  into  a  color-coded  coverage 
map  to  let  engineers  look  at  signal 
strengths  for  each  access  point  or 
group  of  access  points.  Once  layouts 
are  created,  users  can  physically 
move  access  points  and  then  recre¬ 
ate  the  coverage  map  and  document 
changes.  SiteSense  also  can  help 
maximize  frequency-channel  assign¬ 
ments  for  access  points, 

Helium  says. 

Two  things  struck  me  as 
cool  with  this  system:  the 
ability  to  get  more  sig¬ 
nal-strength  measure- 
ments  tied  to  actual  physical  locations  (inte¬ 
grating  measurements  within  the  wheels  is 
superb),  and  getting  measurements  that  more 
accurately  represent  the  signal  strength  of  an  access 
point  (most  radio  frequency  spectrum-management 
systems  take  measurements  at  the  level  of  the  access 
points,  which  are  often  in  ceilings,  not  where  a  laptop  or 
PDA  is  likely  to  be). 

The  system  (hardware  and  software)  will  cost  about 
$4,500.  Helium  plans  to  ship  systems  later  this  month. 

Data  that  sits  on  a  USB  hard  drive  is  relatively 
unsecure  —  if  a  device  is  lost  or  stolen,  anyone  can 
access  the  data  on  the  drive.  Some  systems  use  bio¬ 
metrics  for  authentication  and  encrypt  data,  but  a  lot  of 
authentication  and  encryption  processing  needs  to  occur 
on  a  host  PC.  The  Stealth  device  from  Memory  Experts 
International  changes  this.  Stealth  is  a  stand-alone, 
portable,  USB-powered  secure  storage  device  that  includes 


an  on-board  CPU  and  hardware-based 
cryptographic  engine.  This  lets  finger¬ 
print  scanning  and  matching,  as  well 
as  password  authentication,  take  place 


The  Stealth  storage  drive  includes  an  on¬ 
board  CPU  to  provide  all  authentication 
and  encryption. 


on  the  device.  Data  can  be  encrypted 
with  256-bit  Advanced  Encryption 
Standard  security  and  stored  on  the 
device  through  flash  memory  or  on  a 
microdrive,  the  company  says. 


At  first  glance  the  $199  Eli  security  appliance  from 
Electronic  Lifestyle  Integration  (ELI)  may  seem  like  a  con¬ 
sumer  product,  but  corporate  security  managers  looking  to 
better  secure  their  teleworkers  or  mobile  employees 
should  look  closer.  Eli  is  a  fully  managed  broadband  secu¬ 
rity  appliance  that  features  a  firewall;  anti-spam,  anti-virus 
and  anti-spyware  protection;  content  filtering;  a  four-port 
switch;  VPN  support;  and  a  wireless  gateway 

The  system’s  value  is  not  the  hardware  (most  of  these 
features  are  available  from  low-end  network  vendors), 
but  ELI’s  plan  to  provide  managed  security  services.  For 
a  monthly  fee  of  about  $10,  ELI  will  provide  daily  if  not 
hourly  updates  to  a  box  whenever  a  new  anti-spam  sig¬ 
nature,  virus  signature  or  security  hole  is  identified.  For 
companies  needing  to  securely  support  a  remote  work¬ 
force,  the  Eli  box  and  service  looks  to  be  a  slam-dunk. 

Shaw  can  be  reached  at  kshaw@nww.com. 


EtherScope  and  OptiView  -  Two  Portable  Network 
Analyzers  created  to  help  prove  it's  not  a  network 
problem.  Faster.  Quickly  proving  problems  are  not 
network  problems  is  exactly  what  our  portable 
analyzers  are  all  about.  Unlike  a  protocol  analyzer 
or  laptop  freeware,  they  give  you  the  complete  vision 
you  need  to  quickLy  and  accurately  diagnose  problems. 
For  example,  you  can  track  down  connectivity 
problems  and  incorrectly  configured  stations,  identify 

’V  ■ , 

causes  of  network  slowdowns  (like  excessive  broad¬ 
casts)  and  spot  bandwidth  hungry  applications. 

All  with  one  tool:  a  Fluke  Networks'  portable  analyzer. 

-  - 

Simply  put,  they're  the  best  way  to  prove  it's  not  the 
network's  fault.  And  the  surest  way  to  start  getting  a 
little  more  respect  around  the  office. 
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OH  TECHNOLOGY 

John  Dix 

AT&T:  Invest¬ 
ments  paying 
dividends 


Although  questions  about  SBC’s  pending  acquisition 
of  AT&T  won’t  be  answered  any  time  soon,  we 
caught  up  with  Hossein  Eslambolchi,  president  of 
AT&T  global  networking  technology  services,  at  Interop  for 
the  latest  news  about  the  deal  and  an  update  on  the  core 
developments  he  has  been  pushing  in  AT&T  for  several 
years. 

Eslambolchi,  who  also  holds  the  titles  of  president  of 
AT&T  Labs,  and  AT&T  CTO  and  CIO,  said  the  soonest  the 
merger  will  happen  is  in  2006.  Nothing  has  been 
announced  about  company  structure,  but  he  says  the  core 
groups  probably  will  consist  of  business  services,  con¬ 
sumer  service,  long-distance  consumer,  government  solu¬ 
tions  and  wireless.  And  of  course,  some  form  of  labs. 

In  terms  of  the  company  networks  and  IT  environments, 
Eslambolchi  said  the  long-distance  assets  will  be  integrat¬ 
ed,  the  AT&T  global  IP  network  will  become  the  standard 
because  SBC  leases  capacity  from  other  carriers,  and  it  is 
likely  that  AT&T’s  IT  systems  will  be  retained  because  of 
their  efficiency 

Many  of  those  efficiencies  stem  from  two  of  Eslambolchi’s 
pet  projects,  the  Concept  of  One  and  the  Concept  of  Zero, 
which  the  company  has  been  working  on  for  three  years. 

Under  the  Concept  of  One,  Eslambolchi  has  pushed  to 
consolidate  the  800  disparate  AT&T  systems  used  to  man¬ 
age  the  network.“We’re  down  to  350  today  and  the  objec¬ 
tive  is  get  it  down  to  20-50  by  year-end  2007.”  As  an  exam¬ 
ple,  AT&T  used  to  have  a  fault  management  system  for  IP 
another  for  optical,  another  for  frame  relay  etc.  Now  it  has  a 
global  fault  management  system  that  can  correlate  alarms 
and  faults,  so  it  is  evident  a  fiber  cut  also  is  responsible  for 
a  frame  problem. 

With  the  Concept  of  Zero,  Eslambolchi  is  striving  to  re¬ 
duce  the  human-to-human  and  human-to-computer  inter¬ 
actions  required  to  get  work  done.The  goal:  automate 
everything  possible.  One  success  story:  The  company  used 
to  have  several  hundred  Web  portals  for  business  services. 
They  have  since  been  rolled  into  one  portal  called  AT&T 
BusinessDirect,  which  automates  order-handling. 

That  portal  now  supports  25  million  transactions  annual¬ 
ly  and  has  reduced  cycle  times  for  processes  such  as 
ordering  IP  service  from  120  days  to  less  than  26,  Eslam¬ 
bolchi  claims.“Orders  used  to  be  handled  12  times,  now 
90%  are  not  touched  by  humans.” 

Taken  together,  he  says  the  advances  have  enabled  AT&T 
to  improve  network  performance  and  the  customer  experi¬ 
ence  while  scaling  back  head  count  over  the  years  from 
55,000  to  21,000.  If  your  experience  is  different,  let  us  know. 

As  for  Eslambolchi,  his  next  trick  will  be  extending  the 
advances  to  SBC. 

—  John  Dix 
Editor  in  chief 
jdix@nww.com 


www.networkworld.com 


opinions! 


Catching  red  herrings 

Kudos  to  JohnaTill  Johnson  for  her  column  on  VoIP 
and  911  (www.networkworld.com,  DocFinder: 
7 122). She’s  right  on  target  with  her  assertions  about 
the  true  reason  behind  the  reluctance  of  Vonage 
and  other  VoIP  vendors  to  integrate  their  systems 
with  the  existing  E-911  infrastructures. 

I  am  weary  of  the  red  herrings  that  are  being 
tossed  out  by  these  vendors  when, as  Johnson  notes, 
it  is  simply  a  matter  of  money  I  believe  that  Vonage 
and  others  are  unable  or  unwilling  to  be  competi¬ 
tive  if  faced  with  the  same  regulations  and  expecta¬ 
tions  that  wireline  carriers  are  saddled  with. 

It  is  encouraging  to  see  a  respected  member  of  the 
industry  call  a  spade  a  spade  on  that  issue.  (My  opin¬ 
ions  are  not  necessarily  those  of  my  employer.) 

Charlie  Wilber 
Telephone  systems  manager 
Dartmouth  College 

Hanover,  N.H. 

Go  Johna!  I  am  glad  to  read  an  article  in  which 
someone  is  telling  it  like  it  really  is.  This  is  a  huge 
issue  for  911  centers  across  the  country  and  the 
issue  is  only  going  to  become  larger  as  more  and 
more  households  adopt  VoIP  Thank  you  for  an 
excellent  and  accurate  column. 

Christy  Peters 
Training  coordinator 
Seminole  County  Sheriff’s  Office 
Sanford,  Fla. 

No  gain  from  teleworking 

Regarding  your  story  on  how  Network  World  200 
vendors  are  using  teleworking  to  cut  costs  (Doc- 
Finder:  7123):  What  a  crock!  First,  if  Sun  and  AT&T 

E-mail  letters  to  jdtix@nww.com  or  send  them  to  John  Dix,  editor  in 
chief,  Network  World,  1 18  Turnpike  Road,  Southborough,  MA  01772. 
Please  include  phone  number  and  address  for  verification. 


became  so  much  more  productive  from  the  use  of 
teleworking,  why  did  both  show  a  significant  loss  in 
your  NW200  list?  Nortel  didn’t  appear  at  all,  appar¬ 
ently  because  it  is  a  “foreign”  company 

Sun’s  downturn  eventually  will  be  tied  to  its  poor¬ 
ly  thought-out  decision  to  convert  to  a  telecommut¬ 
ing,  open-office  workforce.  Few  jobs  have  the  proper 
paradigm  for  true  telecommuting;  there  are  human 
and  group  factors  that  work  against  it.  No  matter 
what  the  warm-and-fuzzy  feel-good  proponents  of 
telecommuting  say  there  are  just  too  many  distrac¬ 
tions  for  the  average  person  to  handle  working  away 
from  the  office. 

The  most  important  loss  from  telecommuting  is 
the  synergism  that’s  part  of  employee  inter¬ 
action.  This  synergism  is  largely  intangible  but  is 
there  in  most  groups  and  totally  lost  when  people 
are  out  of  touch  most  of  the  time. 

I  might  have  been  more  convinced  by  the  story  if 
Sun,  AT&T  and  Nortel  had  shown  some  significant 
results,  but  they  didn’t. 

Jim  Jordan 
Sacramento,  Calif. 

Death  and  taxes 

Regarding  Mark  Gibbs’  BackSpin  column  about  his 
mother-in-law’s  struggle  to  convince  the  Social  Sec¬ 
urity  Administration  that  she  is  not  dead  (Doc- 
Finder:  7124):  When  you  travel,  have  you  noticed 
that  to  answer  a  simple  question  the  airline  agent 
bangs  about  400  keys,  looks  at  the  screen,  bangs 
away  at  another  200  keys,  looks  at  the  screen  and  so 
on  until  he  or  she  says, “That  flight  leaves  from  Gate 
32.”  What  is  going  on?  That  can’t  be  good  software. 

And  another  thing  —  when  will  software  designers 
stop  keying  information  to  telephone  numbers  and 
e-mail  addresses?  These  things  constantly  change 
and  are  therefore  not  very  good  as  a  look-up  tool. 

Jack  Miller 
Mentor,  Ohio 
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STRATEGY  SESSION 

Jeff  Kaplan 


A  recent  study  by  Deloitte  Consulting  has 
sparked  renewed  debate  about  the  busi¬ 
ness  value  of  outsourcing  mega-deals. 
The  study  published  last  month,  found  that 
nearly  75%  of  the  25  large  companies  sur¬ 
veyed  have  had  negative  experiences  with 
their  mega-outsourcing  projects.  The  study 
found  nearly  half  of  these  firms  have  failed  to  see  the  cost  savings  they 
anticipated  from  these  outsourcing  arrangements. As  a  result,  25%  of  the 
companies  surveyed  have  brought  outsourced  functions  back  in-house. 

These  high  dissatisfaction  and  failure  rates  should  come  as  no  sur¬ 
prise  to  those  who  have  followed  the  outsourcing  business.  Many  mar¬ 
ket  research  firms  also  suggested  that  more  than  half  of  these  deals 
would  fail, even  while  forecasting  substantial  growth  in  both  traditional 
IT  outsourcing  (ITO)  and  business-process  outsourcing  (BPO). 

Thinkstrategies  recently  teamed  with  the  Cutter  Consortium  to  con¬ 
duct  a  unique  industry  survey  that  compared  and  contrasted  the  per¬ 
ceptions  of  more  than  200  enterprise  decision  makers  and  IT/network 
solution  providers  regarding  some  important  outsourcing  issues.  We 
found  dramatic  differences  in  the  way  these  two  groups  view  their  out¬ 
sourcing  objectives,  preferred  operating  frameworks,  contracting  time 
tables  and  business  benefits. 

As  a  consequence  of  these  disparities  and  traditional  outsourcing’s 
dismal  success  rate,  many  companies  are  becoming  more  discerning 
about  their  outsourcing  arrangements.  Instead  of  offloading  entire  IT  or 
business  operations  to  a  third  party  they  are  now  contracting  for  more 
narrowly  focused  outsourcing  services. 


Changing  views  on  outsourcing 


A  Datamonitor  and  Everest  Group  study  has  quantified  this  trend, 
finding  the  average  size  of  an  outsourcing  deal  fell  18%  in  the  first  quar¬ 
ter  of  2005  compared  with  a  year  ago. This  decline  came  despite  a  5% 
increase  in  the  number  of  deals  signed  in  the  quarter  compared  with 
the  same  period  in  2004. 

According  to  Thinkstrategies’  research,  the  three  main  reasons  for  the 
high  failure  rate  of  large-scale  ITO  and  BPO  projects  are: 

•  Inaccurate  assessments  of  a  company’s  current  IT/business  perfor¬ 
mance  levels. 

•  Unrealistic  expectations  of  outsourcing’s  cost  benefits  and  perform¬ 
ance  improvements. 

•  Inflexible  outsourcing  agreements  that  lack  proper  reporting  and 
resolution  procedures. 

These  factors  are  fueling  the  growth  of  application  and  managed 
services.  These  pay-as-you-go  subscription  services  pose  less  risk  to 
companies  than  traditional  outsourcing. 

They  also  pose  an  enormous  threat  to  ITO/BPO  vendors  that  have 
relied  on  long-term  mega-deals  to  support  their  costly  service  deliv¬ 
ery  infrastructures  and  staff. 

While  many  ITO/BPO  vendors  are  attempting  to  reshape  their  oper¬ 
ations  and  offerings  to  accommodate  users’  changing  requirements, 
enterprise  decision-makers  should  carefully  evaluate  the  outsourcers’ 
ability  to  cost-effectively  deliver  more  narrowly  focused  subscription 
services  that  truly  match  their  company’s  goals  and  objectives. 


As  a  result,  25% 
of  the  companies 
surveyed  have 
brought  out¬ 
sourced  functions 
back  in-house. 


Kaplan  is  managing  director  of  Thinkstrategies,  a  consultancy  in 
Wellesley,  Mass.  He  can  be  reached  at  jkaplan@thinkstrategies.com. 


BEAUTY  CHECK 

Thomas  Nolle 


omeone  should  tell  MCI,  Qwest  and 
.  Verizon  that  the  debate  over  who  buys 
MCI  is  losing  its  audience.  At  this  point, 
most  people  have  reached  the  “Who  cares?” 
phase.  Too  bad,  because  although  the  “who” 
has  been  answered  (Verizon  won),  it’s  the 
“why”  that  we  should  care  about. 

Verizon  and  Qwest  didn’t  have  the  same  motives  for  wanting  MCI.The 
two  RBOCs  are  sharply  different.Verizon  has  pretty  good  growth, strong 
financials  and  the  premier  business  territory  in  the  U.S.  Qwest  has  a 
mountain  of  debt  and  the  least-valuable  region  (in  total  spending)  of 
any  RBOC.  So  what  gives  here?  The  answer  lies  in  about  the  year  2008. 

In  the  European  Union,  managed  services  are  the  rule.  Even  though 
EU  carriers  are  faced  with  things  such  as  unbundling,  they  still  have 
money  to  launch  aggressive  network  expansion  programs  that  include 
enterprise  service  improvements.  Managed  services  were  suppressed 
in  the  U.S.,  largely  because  leased  lines  were  so  inexpensive  in  the 
1980s  that  private  networking  developed  more.  You  can  see  by  the 
growing  popularity  of  outsourcing  that  managed  services  will  be  pick¬ 
ing  up  in  the  U.S.,and  by  2008  are  likely  to  make  enterprise  networking 
profitable  again. 

Then  why  buy  in  now  and  participate  in  the  near-term  decline?  Be¬ 
cause  SBC  bought  AT&T.The  RBOCs  all  knew  that  if  one  of  them  made 
a  move  to  get  into  the  enterprise  market,  the  rest  would  have  to  follow. 
SBC  did  the  deed  because  it  knows  that  Verizon  has  sales  credibility  — 
almost  half  the  major  corporate  headquarters  sites  are  in  Verizon’s 
region.  SBC  needed  to  jump-start  its  enterprise  program,  and  it  did. 

Qwest  needs  even  more  jump-starting.The  U.S.  is  going  to  end  up  hav¬ 
ing  three  RBOC-based  super-carriers.  SBC  is  one,  Verizon  the  second. 
BellSouth  has  the  most-credible  basis  for  the  third,  which  leaves  Qwest 
waiting  to  be  picked  up  at  some  future  point,  not  participating  in  the 
growth  phase  of  enterprise  networking  at  all.  By  picking  off  MCI,  Qwest 
could  have  hoped  to  be  the  foundation  for  that  third  competitor,  or  at 


Who  gets  MCI,  and  who  cares? 


least  be  more  interesting  to  BellSouth  in  a  down-the-line  merger. 

For  winning  bidder  Verizon,  MCI  is  more  a  convenience  than  a  neces¬ 
sity  Verizon  could  have  called  on  corporate  accounts  in  its  region,  but 
with  most  companies  locked  in  multi-year  contracts  with  an  interex¬ 
change  carrier  (IXC),  it  wouldn’t  have  gotten  immediate  success. 
Verizon  also  would  have  had  to  build  out  its  own  national  network  or 
wholesale  pieces  of  it  from  others.  All  of  this  would  have  added  up  to  a 
lot  of  early  cost  and  not  much  early  revenue. 

This  raises  the  question  of  what  Qwest,  Sprint,  Level  3,  Global  Crossing, 
Williams  Communications  and  other  enterprise  players  might  now  do. 
Qwest  still  needs  a  partner  to  move  forward  and  is  said  to  be  courting 
BellSouth  and  Sprint.  For  sure,  there’s  more  mergers  and  acquisitions  to 
come.  Rumors  of  a  deal  between  Level  3,  Electronic  Data  Systems  and 
Cisco  suggest  that  at  least  one  of  the  companies  may  be  looking  to  get 
into  higher-level  enterprise  services  long  before  2008,  hoping  that 
enough  early  adopters  can  be  picked  off  to  pay  for  the  cost  of  devel¬ 
oping  a  new  network. 

That  new-network  cost  is  the  main  reason  we  should  care  about  this 
acquisition  debate.  No  matter  which  RBOC  buys  which  IXC,  the  result 
has  to  be  a  program  of  network  modernization  based  on  IRnot  only  to 
position  for  those  2008  managed  services  but  also  to  stem  the  hemor¬ 
rhage  of  revenue  loss  by  lowering  network  capital  and  operations 
costs.This  activity  will  bridge  the  equipment  vendors  through  the  peri¬ 
od  needed  to  get  consumer  broadband  and  content  ramped  up. 

It’s  also  interesting  that  the  carriers  everyone  declared  dinosaurs  are 
now  the  ones  climbing  the  evolutionary  ladder.  Could  it  be  our  stan¬ 
dard  for  evolutionary  success  needs  clarity?  Maybe  we  should  have 
paid  more  attention  to  that  boring  mergers  and  acquisition  debate 
after  all. 


It's  also  interest¬ 
ing  that  the  car¬ 
riers  everyone 
declared 
dinosaurs  are 
now  the  ones 
climbing  the  evo¬ 
lutionary  ladder. 


Nolle  is  president  of  CIMl  Corp.,  a  technology  assessment  firm  in 
Voorhees,  N.J.  He  can  be  reached  at  (856)  753-0004  or  tnolle@cimi- 
corp.com. 


ery  takes  on  increased 
importance,  companies 
a  e  moving  from  tape  to 
new  technologies. 


Compared  to  hot  areas  like  security  or  wireless,  data 
backup  and  restore  may  have  seemed  like  IT’s  forgotten 
child  —  until  i  ow. 

A  perfect  storm  of  disappearing  back-up  windows 
(thanks  to  enormous  data  growth  and  nonstop  business 
operations),  large-scale  catastrophes,  increased  litigation 
requiring  electronic  data  discovery  and  federal  regula¬ 
tions  governing  data  Mention  has  catapulted  bad  up 
and  recovery  to  head  table. 

And.  reflecting  its  newfound  status,  backup  and  recovery  is  taking  on  a  more 
sophisticated,  grown-up  name:  data  protection,  which  encompasses  backup, 
recovery,  archiving,  retrieval,  disaster  recovery  and  business  continuity:  “This  is 
a  phenomenal  time  for  storage,  and  particularly  for  data  protection,”  says 
Arun  Tarieja,  president  of  Taneja  Group.  According  to  IDC,  the  back-up., 
archiving  and  replication  software  market  will  grow  from  $4,3  billion 
in  2003  to  $6.58  billion  by  2008,  representing  54%  of  storage 
software  expenditures. 

While  the  term  “data  protection”  covers  a  lot  of 
ground,  it’s  the  first  four  areas  —  backup,  recovery, 
archiving  and  retrieval  —  that  are  cu  rently  Of  high¬ 
est  interest.  says  Pete  Gerr,  senior  analyst  at  En¬ 
terprise  Strategy  Group. 

Companies  now  realize  they  must  be  able  to 
recover  specific  pieces  of  data  from  financial 
records,  e-mail,  instant  messaging  logs  and 
the  like  if  it’s  subpoenaed  as  evidence  in  a 
legal  case,  Gerr  says. 

See  Backup,  pag  40 
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You’re  resting  the 
strength  of  your 
entire  business  on 
that  millimeter-thin 
little  tape.  Tha 

doesn’t  work  for  me.”  /  * 

Brad  Green,  director  of  information  services  at 
Denton  Central  Appraisal  District 


BY  MARY  BRANDEL 


mm 

-A’V  ■ 


MICROSOFT.COM/SECURITY/IT 

Microsoft' 


ARE  MET  WITH  SWIFT 
AND  DECISIVE  ACTION 


HACKERS,  VIRUSES, 
and  WORMS 


Find  the  tools  and  guidance 
t  microsoft.co  i/s  curity/IT 

Microsoft  Windows  XP  Service  Pack  2:  Download  it  for 
free  and  get  stronger  system  control  and  proactive  protection 
against  security  threats. 

Free  Tools  &  Updates:  Download  free  software  like  Microsoft 
Baseline  Security  Analyzer  to  verify  that  your  systems  are 
configured  to  maximize  security.  Manage  software  updates 
easily  with  Windows  Server  Update  Services. 
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►  Microsoft  Risk  Assessment  Tool:  Complete  this 
self-assessment  to  help  you  evaluate  your  0rganrw~^“4^8**^i8^'4?^'#,,’: 
practices  and  identify  areas  for  improvement. 


Internet  Security  and  Acceleration  Server  2004 

the  free  120-day  trial  version  to  evaluate  how 
application-layer  firewall,  VPN,  and  Web  cache  Sj 
improve  network  security  and  performance 
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Bagkup 

continued  from  page  38 

7he  bottom  line  is  backup,  restoration  and  safe  archiving 
of  electronic  data  can  no  longer  be  a“hope  it  works” propo¬ 
sition. 

TapefaHs  out  of  favor 

“If  the  one  e-mail  that  may  keep  the  CEO  out  of  court  is 
the  last  file  written  to  tape,  it’s  going  to  take  a  very  long  time 
to  find  that  file,”  Gerr  says.  Long  recovery  times  mean  high 
legal  fees  and  electronic  data  discovery  service  provider 
costs,  not  to  mention  the  spotlight  it  shines  on  poor 
records-management  discipline,  which  can  lead  to  further 
regulations. 

Another  problem  with  tape  is  that  despite  many  advances 
in  the  technology  these  systems  just  can’t  keep  up  with  the 
volume  of  data  that  needs  to  be  stored  in  ever-shrinking  back-up  windows.  According  to 
a  March  2005  survey  conducted  by  Enterprise  Strategy  Group,  roughly  half  of  163  respon¬ 
dents  said  their  ability  to  back  up  and  recover  data  in  a  timely  fashion  has  been  hurt  by 
the  limitations  of  their  tape  systems. 

Start-ups  and  disk  storage  heavyweights  now  are  weighing  in  with  tape  alternatives, 
including  disk-to-disk  backup,  virtual  tape  libraries,  content-addressable  storage,  continu¬ 
ous  data-protection  devices,  new  replication  and  snapshot  schemes,  data  compression 
techniques  and  more  (see  related  story  on  page  41  for  definitions). 

With  disk-to-disk  devices  and  virtual  tape  libraries,  backups  can  run  within  reasonable 
time  frames,  and  more  data  can  be  kept  online,  which  enables  faster  recoveries.  Denton 
Central  Appraisal  District  (DCAD),  for  instance,  switched  to  a  StoneFly  Networks  disk- 
based  backup  system  and  now  can  back  up  its  50  servers  in  the  same  amount  of  time  it 
used  to  take  to  back  up  one. 

That’s  0.5T  to  2T  bytes  of  backup  per  night,  with  a  routine  average  of  400G  to  600G  bytes 
of  changed  data  written  to  back-up  disk  daily  according  to  Brad  Green,  director  of  infor¬ 
mation  services  at  DCAD,  the  fastest-growing  county  in  North  Texas. 

No  wonder  users  have  responded  to  these  new  back-up  technologies  with  great  enthu¬ 
siasm.  Companies  spent  $1.7  billion  on  disk-based  storage  in  2003,  according  to  Strategic 
Research.And  according  to  the  March  Enterprise  Strategy  Group  study  18%  of  respondents 
have  permanently  replaced  their  tape  libraries  with  disk-based  alternatives,  and  another 


58%  would  consider  doing  so.  Of  this  latter  group,  80% 
believe  they  will  replace  at  least  some  of  their  tape  libraries 
over  the  next  24  months. 

“Disk  storage  is  being  used  either  as  an  exclusive  method 
of  backup  or  as  an  intermediate  or  staging  area  before 
going  to  tape,”  says  Bill  North,  director  of  research  for  IDC’s 
Storage  Software  service. 

While  disk  backup  has  traditionally  been  seen  as  more 
expensive  than  tape,  Gerr  advises  users  to  consider  not  just 
acquisition  costs  but  also  operational  and  administrative 
costs  that  tape  requires,  such  as  media  management  and 
tape  swapping.  “Tape  is  much  more  labor-intensive  than 
disk,”  he  says.  “So  while  disk  is  more  costly  to  procure,  the 
total  cost  of  managing  it  is  far  less  than  the  total  cost  of 
managing  a  tape  environment.” 

But  it  doesn't  disappear  completely 

When  the  Texas  county’s  storage  needs  grew  fourfold  in  one  year,  it  switched  to  disk- 
based  backup  in  the  form  of  a  4.2T-byte,  $50,000  StoneFly  IP-based  storage-area  network 
fronted  by  Commvault  Systems’  QINetix  back-up  software.  DCAD  has  since  added  an  addi¬ 
tional  5T  bytes  of  disk. 

But  data  is  still  archived  on  a  Dell  tape  library  —  at  least  for  now. 

Green’s  goal  is  to  completely  move  away  from  tape. “You’re  resting  the  strength  of  your 
entire  business  on  that  millimeter-thin  little  tape,”  he  says. “That  just  doesn’t  work  for  me.” 
His  plan  is  to  implement  a  hot  site  and  synchronize  data  between  the  two  locations  over 
a  VPN  using  replication  software  from  StoneFly  as  well  as  NSI  Software’s  Geocluster  tech¬ 
nology  “If  my  plan  works,  we’ll  be  able  to  back  up  to  disk  offsite,”  he  says. 

Tape  is  still  the  least  expensive  means  of  long-term  archival,  Green  notes,  adding  he’d 
continue  to  use  it  for  very  long-term  archival  purposes.  “But  for  me  it’s  inherently  flawed, 
too  subject  to  failure  and  too  slow?’  he  says. 

North  agrees,  saying  that  “trucks  and  grocery  carts  are  still  less  expensive  than  the  band¬ 
width  required  by  replication.”That’s  why  companies  such  as  Avamar,  EMC  (with  its  con¬ 
tent-addressable  storage  system,  Centera)  and  Data  Domain  are  working  on  data  reduc¬ 
tion  algorithms  to  compress  or  otherwise  reduce  the  amount  of  data  that  needs  to  be 
stored  during  backups,  thus  reducing  disk  costs  and  minimizing  what  needs  to  be  sent. 

A  consumer  call  center  for  a  large  New  York  bank  is  looking  into  software  that  stores 
incremental  changes  rather  than  blocks  of  data  so  that  —  in  the  event  that  it  moves  to  a 


Probably  our 
biggest  challenge  is 
creating  tiers  of 
data  classification 

so  that  critical  data  still 
makes  it  to  tape  and  gets 
carried  out  of  here  ” 

Joe  Panfil.  director  of  enterprise  technology  services, 
Chicago  Mercantile  Exchange 


Too  many  T  bytes  for  tape 

Hospital  network  turns  to  a  continuous  data  protection  system. 
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Hal  Weiss,  systems  engineer  at  Baptist  Memorial 
Healthcare  in  Memphis,  tends  his  back-up  and 
recovery  environment  like  a  gardener.  And  just 
as  some  plants  require  shade  and  others  sun,  not  all 
applications  require  the  same  type  of  backup. 

Weiss  is  helping  Baptist  contend  with  new  federal 
regulations  and  exponentially  increasing  data  vol¬ 
umes.  And,  like  other  hospitals,  Baptist  Memorial  is 
moving  away  from  paper  and  film  to  an  electronic 
environment. 

“We've  told  physicians  to  meet  us  on  the  Internet 
and  well  give  them  access  to  ail  their  patient  data, 
including  views  of  X-rays  and  lab  results,  from  the 
convenience  of  their  home  or  office,"  Weiss  says. 

Baptist  Memorial  comprises  15  hospitals  in  three 
states  —  Arkansas,  Tennessee  and  northern  Missi¬ 
ssippi.  Storage  has  grown  from  2T  bytes  in  2002  to 
138T  bytes  by  the  middle  of  this  year.  Data  is  now 
growing  at  an  8T-byte  clip  per  year  and  —  to  be  com¬ 
pliant  with  the  Health  Insurance  Portability  and 
Accountability  Act —  must  be  maintained  seven  to  21 
years,  depending  on  the  patient's  age. 

One  of  the  problems  with  protecting  this  volume  of 
data  is  that  traditional  schemas  using  physical  tape 
don't  work.  “How  are  you  going  to  back  up  138  tera¬ 
bytes  to  physical  tape?”  Weiss  says.  "There’s  not 
enough  hours  in  a  day,  no  matter  how  many  tape  dri¬ 


ves  you  have." 

So  Baptist  uses  multiple  tiers  of  data  protection, 
including  host-based  mirroring,  a  Copan  virtual  tape 
system,  and  traditional  tape  for  deep  archiving.  But  it 
still  needed  something  else  for  its  very  complex  appli¬ 
cations  that  house  data  on  multiple  servers. 

An  example  is  Mckesson's  Horizon  Patient  Folder, 
which  relies  on  two  servers  that  have  to  be  synchro¬ 
nized  —  a  database  that  keeps  pointers  to  all  the 
images  that  make  up  the  patient  folder  and  an  image 
server  that  stores  those  folders.  In  Baptist’s  metropoli¬ 
tan  environment,  which  comprises  five  hospitals,  this 
application  eats  up  7.5T  bytes  of  data.  "If  you  tried  to 
back  that  up  on  physical  tape,  it  would  take  20  days, 
and  to  restore  it  wouid  be  40  days  or  more,”  Weiss 
says.  Plus,  the  data  wouid  not  be  synchronized. 

For  this  application,  Weiss  turned  to  Revivio’s  CPS 
1200,  a  continuous  data  protection  (CDP)  system  that, 
lets  companies  restore  data  to  any  point  in  time  and 
recover  business  applications  in  minutes. 

Unlike  snapshot  technology,  which  takes  snapshots 
at  predetermined  times,  CDP  systems  capture  every 
change  made  to  a  file  and  separately  maintain  a  log 
and  time  stamp  for  every  write  made  to  disk.  "The 
effect  is  that  you  can  literally  turn  back  the  clock  to 
any  one  of  those  changes,”  says  Bill  North,  director  of 
research  for  I  DC’s  Storage  Software  service. 


CDP  technology  has  yet  to  hit  the  mainstream,  and 
it’s  not  a  technology  for  everyone.  "For  users  that 
require  ultimate  granularity  in  their  recovery  opera¬ 
tions,  CDP  is  the  Holy  Grail,”  says  Pete  Gerr,  senior 
analyst  at  Enterprise  Strategy  Group.  "But  main¬ 
stream  users  are  still  somewhat  hesitant  to  deploy  the 
technology." 

"We're  at  the  early  stages  of  market  development  for 
CDP,"  acknowledges  Kirby  Wadsworth,  senior  vice 
president  of  marketing  for  Revivic.  Other  vendors 
include  Mendocino  Software, Timesp|fng  Software 
and  XOsoft. 

Even  so,  a  surprisingly  iarge  percentage  of  Enter¬ 
prise  Strategy  Group  survey  respondents  (6 
they  were  familiar  with  CDP. 

Baptist  plans  to  expand  Revlvlo  In  2008  to  cover  its 
clinical  document  applications.  By  2007,  Weiss  hops 
to  replicate  the  Revivio  backup  to  another  Revlvlo 
device  at  an  offsite  location  for  disaster-protection. 

But  this  wouldn’t  be  your  traditional  asynchronous 
replication.  “With  tr  aditional  replication,  you  might  get 
a  recovery  point  every  four. to  six  hours,”  Wadsworth 
says.  "With  our  -systems,  you  could  have  a  failure  at 
noon  in  Boston,  and  at  12:01:01  in  Chicago,  you  could 
effect  a  restoration  of  the  Boston  data,  and  Chicago 
would  have  an  exact  copy." 
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disk-based  archival  strategy  —  it  will  have  less  data  to  send  over  the 
wire.  Officials  at  the  call  center  were  recently  given  the  directive  to 
move  away  from  all  physical  transportation  of  media  to  protect 
confidential  data  —  which  eventually  will  rule  out  tape  even  for 
offsite  storage. 

The  call  center  made  some  preliminary  steps  in  that  direction 
when  it  recently  solved  its  tape  library-based  back-up  woes  with  a 
RAID-based  virtual  tape  library  from  Sepaton.  Day-to-day  backups 
now  go  to  a  Sepaton  disk-based  system,  traveling  to  the  IBM  3494 
tape  library  only  when  it’s  time  for  archiving  and  offsite  storage. 

With  the  tape-based  system,  a  full  backup  could  take  three  days, 
but  by  backing  up  data  to  a  Sepaton  virtual  tape  library,  the  bank 
not  only  can  continue  using  its  legacy  Tivoli  Storage  Manager 
(TSM)  back-up  software,  but  also  a  full  backup  takes  just  three 
hours.  Further, buying  the  Sepaton  virtual  tape  library  instead  of  a 
new  tape  cabinet  and  additional  drives  represented  a  50%  cost 
savings. 

The  call  center  plans  to  take  another  step  in  favor  of  disk  backup 
by  purchasing  a  second  Sepaton  virtual  tape  library,  locating  it  in 
an  on-campus  building  and  having  it  perform  duplicate  backups 
and  restores  using  the  replication  capabilities  of  the  TSM  software. 
The  call  center  will  continue  using  tape  for  offsite  storage  until  it 
hatches  a  cost-effective,  offsite  replication  plan  using  a  data-reduc- 
tion  algorithm. 

The  problem  with  many  of  these  data-reduction  algorithms  is  that 
because  data  is  not  kept  in  one,  intact  file,  there’s  a  process  associ¬ 
ated  with  restructuring  the  data  when  you  need  to  restore  it,  North 
says.  “You  wouldn’t  want  to  do  that  in  a  transaction  database  that 
processes  thousands  of  orders  an  hour’’ he  says.“It  tends  to  be  used 
for  data  that  is  infrequently  accessed  but  where  the  time  to  retrieve 
it  may  be  shorter  than  if  it’s  offsite  in  a  tape  vault  somewhere.” 

Tape  takes  up  residence  offsite 

There  are  other  reasons  why  companies  still  turn  to  tape  for  off¬ 
site  storage.  At  the  Chicago  Mercantile  Exchange,  trading  and  clear¬ 
ing  applications  are  replicated  between  two  data  centers  for  busi¬ 
ness-continuity  purposes.  Copan  Systems  virtual  tape  libraries  are 
installed  at  both  sites  to  resolve  the  problem  of  shrinking  backup 
windows,  and  both  are  managed  by  Veritas  NetBackup  software. 
Two  StorageTek  tape  silos  take  care  of  archiving. 

Critical  data  does  not  just  get  backed  up  on  Copan  virtual  tape 
libraries,  however,  says  Joe  Panfil,  director  of  enterprise  technol¬ 
ogy  services  at  the  Chicago  Mercantile  Exchange.“Probably  our 
biggest  challenge  is  creating  tiers  of  data  classification  so  that 
critical  data  still  makes  it  to  tape  and  gets  carried  out  of  here,” 
he  says.  Less-critical  data  stays  on  disk  for  a  few  weeks  and  then 
gets  written  over. 

Federal  regulations  require  some  data  to  be  stored  on  media 
that  cannot  be  erased,  which  eliminates  many  disk-based  stor¬ 
age  systems.  EMC’s  Centera  is  an  exception,  and  the  exchange 
would  consider  that,  Panfil  says.“My  belief  is  that  tape  eventual¬ 
ly  has  to  die, but  it  will  be  when  regulators  say  there’s  been  some 
media  to  replace  it  that’s  acceptable,”  Panfil  says.“If  we’re  forced 
to  retain  data  for  seven  years,  and  it  has  to  be  external  to  [the 
Chicago  Mercantile  Exchange],  tape  or  optical  becomes  the 
only  way  to  do  that.” 

Disk  will  eventually  dominate 

According  to  Taneja,  this  is  only  the  first  phase  of  backup’s  matu¬ 
ration,  and  while  tape  might  lose  its  place  in  the  back-up  environ¬ 
ment,  it  will  occur  slowly  He  recently  completed  a  survey  of  250 
midsize  and  large  companies,  95%  of  which  said  they  were  not  yet 
ready  to  let  go  of  tape.“Customers  don’t  want  to  change  too  many 
variables  at  one  time,”  he  says.“That’s  been  their  crutch  for  the  last 
25  years,  and  they  don’t  want  to  lose  it.” 

But  in  the  next  phase,  which  Taneja  estimates  is  12  to  18  months 
away,  people  will  become  more  comfortable  with  disk-based  back¬ 
up  and  thus  disk-to-disk  replication  over  distance.  ‘At  that  point, 
people  will  say, ‘Eureka  —  why  have  tape  at  all?”’  he  says  because 
you’ve  established  your  offsite  archive  on  disk. 

Brandel  is  a  freelance  writer  in  Michigan.  She  can  be  reached  at 
mary.  brandel@comcast.  net. 
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Better  than  tape 


According  to  the  Enterprise  Strategy  Group,  several  new  technologies 
have  emerged  that  can  be  used  as  replacements  for  tape  backup.  They 
include: 

•  VIRTUAL  TAPE  LIBRARY:  Software-  or  appliance-based  technology  designed  to  make  a 
disk  array  emulate  a  tape  library.  This  provides  back-up  and  recovery  performance  benefits  com¬ 
pared  with  tape-based  solutions  but  lets  users  continue  using  technologies  and  processes 
designed  to  work  with  their  tape  environments.  Vendors  include  ADIC,  Alacritus,  Diligent,  Falcon- 
Stor,  Neartek,  Overland,  Quantum,  Sepaton  and  SpectraLogic. 

•  NEAR-LINE  DISK  TARGET:  A  disk  array  that  acts  as  a  target  or  cache  for  tape  backup. 
These  arrays  typically  offer  faster  back-up  and  recovery  times  when  compared  with  tape  and 
are  cost-effective  because  they're  increasingly  based  on  low-cost  Advanced  Technology  Attach¬ 
ment  disk  drives.  Unlike  virtual  tape  libraries,  however,  they  typically  require  configuration  and 
process  changes  to  existing  back-up/recovery  operations.  Vendors  include  Engenio,  Network 
Appliance  and  Nexsan. 

•  CONTENT-ADDRESSABLE  ST ORAGE  (CAS):  A  disk-based  storage  system  that 
uses  the  content  of  the  data  as  a  locator  for  the  information,  eliminating  dependence  on  file  sys¬ 
tem  locators  or  volume/block/device  descriptors  to  identify  and  locate  specific  data.  CAS  is 
often  used  as  a  new  storage  paradigm  for  archiving  reference  information.  EMC’s  Centera  is  an 
example  of  CAS. 

•  MASSIVE  ARRAY  OF  IDLE  DISKS  (MAID):  A  disk  system  in  which  disks  spin  only 
when  necessary  (such  as  during  read/write  operations),  reducing  total  power  consumption  and 
enabling  massive  high-capacity  disk  systems  with  comparable  economics  to  tape  libraries. 
Copan  Systems’  Revolution  200T  is  an  example  of  MAID. 

•  SNAPSHOTS  AND  INCREMENTAL  CAPTURE:  A  snapshot  is  a  copy  of  a  volume 
that  is  essentially  empty  but  has  pointers  to  existing  files.  When  one  of  the  files  changes,  the 
snap  volume  creates  a  copy  of  the  original  file  just  before  the  new  file  is  written  to  disk  on  the 
original  volume.  As  such,  IT  administrators  have  a  second  copy  of  data  saved  to  disk  that  they 
can  use  for  instantaneous  recovery  or  as  an  offline  copy  for  backups.  A  variety  of  vendors  offer 
some  type  of  snapshot  capability. 

•  INCREMENTAL  CAPTURE:  Vendors  in  this  category  can  replace  existing  back-up  tech¬ 
nologies  or  co-exist  with  them.  Incremental  capture  solutions  can  take  snapshots  at  the  block, 
file  or  volume  levei.  This  gives  users  more  detail  when  capturing  data  and  offers  unique  integra¬ 
tion  capabilities  with  applications  because  these  products  typically  write  at  the  block  level.  FilesX 
is  an  example  of  incremental  capture. 

•  CONTINUOUS  CAPTURE:  Includes  software  or  appliances  designed  to  capture  every 
write  made  to  primary  storage  and  make  a  time-stamped  copy  on  a  secondary  device.  The  main 
objective  is  re-creating  a  data  set  as  it  existed  at  any  point  in  time,  with  the  goal  of  being  able  to 
rapidly  restore  applications.  Vendors  include  Alacritus,  Mendocino  Software,  Revivio  and 
StorageTek. 

•  ARRAY-BASED  REPLICATION:  These  products  have  traditionally  come  from  large  disk 
array  vendors  such  as  EMC,  Hitachi  Data  Systems  and  IBM.  Early  products  were  robust  but 
expensive  and  only  worked  between  homogeneous  arrays  from  the  same  vendor.  Today,  that 
requirement  no  longer  exists,  prices  have  come  down,  and  new  vendors  are  getting  into  the 
game.  Vendors  such  as  EqualLogic,  Exagrid  and  Intransa  provide  replication  with  their  disk 
arrays  at  relatively  low  prices. 

•  HOST-BASED  REPLICATION:  Host-based  replication  software  runs  on  servers  As 
writes  are  made  to  one  array,  they  are  also  written  to  a  second  array.  Vendors  in  this  category 
have  made  this  technology  easier  to  deploy  and  manage.  They  include  EMC-Legato,  DataCore 
Software,  NSI,  Softek,  Sun.Topio  and  Veritas  Software. 

•  FABRIC-BASED  REPLICATION:  Enterprise  Strategy  Group  expects  a  strong  trend 
toward  fabric-based  intelligence  over  the  next  few  years  because  of  a  number  of  potential 
advantages.  For  example,  the  sooner  an  I/O  is  captured,  the  sooner  it  can  bo  sent  to  a  secondary 
device,  thus  enabling  better  performance.  Vendors  include  Brocade  Common:  .anons.  C  mdera, 
Cisco,  CNT,  FalconStor,  IBM,  Kashya,  Maranti  Networks,  McData  and  Troika  A  vat  sety  of  tradi¬ 
tional  switch  vendors  are  putting  intelligent  blades  into  their  core  products,  and  third-party  devel¬ 
opers  are  porting  their  applications  to  the  blades. 
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Thor  thunders  over  user  provisioning  tasks 

Um  BY  MANDY  ANDRESS,  NETWORK  WORLD  LAB  ALLIANCE 

p  there  with  authentication  and  authorization,  account  provisioning  is 
one  of  the  big  three  components  in  any  identity  management  scheme.  In 
our  Clear  Choice  test  of  Thor  Technologies’  latest  version  of  Xellerate 
Identity  Manager  (8.01),  we  found  that  the  platform  provides  flexible  account  pro¬ 
visioning  across  a  multitude  of  products  and  technologies, supporting  even  the  most 
complex  of  workflows. 


At  its  most  basic  level,  provisioning  soft¬ 
ware  helps  automate  the  creation  of  user 
accounts.The  processes  and  workflows  a 
company  uses  to  create,  assign,  approve, 
and  audit  user  accounts  all  can  be  man¬ 
aged  through  this  type  of  software. 

Workflows  can  be  configured  to  auto¬ 
matically  create  Active  Directory, 
PeopleSoft  and  Lightweight  Directory 
Access  Protocol  (LDAP)  accounts  for 
new  employees  from  one  administrator 
screen  once  some  basic  information 
about  the  new  user  is  entered.  This 
greatly  improves  efficiency  by  drastical¬ 
ly  shortening  the  amount  of  time  it 
takes  to  create  new  accounts  or  modify 
current  user  groups.  The  provisioning 
process  also  can  include  approvals, 
such  as  requiring  manager  approval 
before  the  new  user  accounts  are  creat¬ 
ed,  making  a  central  provisioning  server 
key  for  audit  compliance. 

Xellerate’s  architecture  comprises  the 
Xellerate  Server,  an  administrative  con¬ 
sole  and  a  database.  The  Xellerate 
Server  is  the  central  component  of  the 
product,  provid- 
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Company:  ThorTechnologies, 
www.thortech.com  Cost:  $140,000  for  full 
platform  license  with  unlimited  servers 
and  rights  to  all  development  tools;  user 
licenses  range  from  $2  to  $50  based  on 
volume;  $25,000  for  each  adapter  license. 
Pros:  Extremely  flexible;  wide  support 
for  enterprise  applications.  Con:  Complex 
product  with  steep  learning  curve. 
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ing  the  intelligence  to  implement  the 
configured  processes  and  workflows.  It 
enables  the  integration  with  external 
resources  such  as  LDAR  Web  services 
and  custom  applications.  The  adminis¬ 
tration  console  includes  a  Java  console 
application,  a  Web  front-end  accessible 
through  a  browser,  or  a  custom  applica¬ 
tion  built  on  the  API.The  database,  usu¬ 
ally  Oracle,  but  SQL  Server  also  is  sup¬ 
ported,  contains  all  the  processes. 

Xellerate  is  very  flexible,  supporting 
simple  and  complex  account  mainte¬ 
nance  workflows.  This  flexibility  lets  or¬ 
ganizations  implement  provisioning 
around  current  processes. 

Integration  support  is  provided  through 
resource  adapters  —  pieces  of  code  that 
run  inside  the  server  —  for  a  number  of 
enterprise  products,  including  SAP 
PeopleSoft  and  Active  Directory.  The 
resource  adapters  let  the  Xellerate  Server 
communicate  and  control  how  applica¬ 
tions  create  accounts  or  modify  attribut¬ 
es  of  current  accounts.  These  resource 
adapters  could  just  be  directly  writing 
user  information  to  an  LDAP  database  or 
making  a  specific  user  account  function 
call  through  an  API  to  make  the  change. 
Custom  resource  adapters  can  be  devel¬ 
oped  for  nearly  any  application  using 
Thor’s  developer  kit. 

We  installed  Xellerate  on  a  Windows 
2000  Advanced  Server  running  Jboss  — 
an  open  source  Java  2  Platform  Enter¬ 
prise  Edition  application  server  —  and 
Oracle  as  the  database  back  end  (see 
How  We  Did  It,  above)  .We  integrated  with 
Active  Directory  Exchange  Server  2000, 
and  a  SunOne  LDAP  server. 

Xellerate  is  a  complex  product  with  a 
relatively  steep  learning  curve, although  it 
is  pretty  intuitive  once  you  understand 
the  basics.  We  would  like  to  see  some 
configuration  wizards  help  with  the  inte¬ 
gration  and  creation  for  new  users. 

We  implemented  a  number  of  scenar¬ 
ios  to  test  the  flexibility  and  complexity 
Xellerate  can  support.  We  set  up  a  policy 
that  would  automatically  place  any  new 
user  with  “full-time”  or  “part-time”  status  in 
the  Employees  group  of  our  schema  and 
any  user  defined  as  an  Intern  in  the  In- 


How  We  Did  It 


We  installed  Xellerate  on  Windows  2000  Advanced  Server  (SP  4),  using 

Oracle  9i  (9.2.0.1)  as  the  database  and  JBoss  3.2.2  as  the  application  serv¬ 
er.  This  was  installed  on  a  P4  3.0-GHz  server  with  800M  bytes  of  RAM. 

We  integrated  with  Active  Directory,  Exchange  Server  2000  and  SunOne  LDAP 
servers  for  account  creation.  We  then  defined  several  corporate  scenarios  to 
implement  that  provide  varying  levels  of  complexity  in  creating  accounts, 
automating  processes  and  approving  requests. 

After  implementing  all  scenarios,  we  tested  report  generation  and  created 
reports  detailing  which  user  accounts  had  accessed  each  application  and 
reports  detailing  provisioning  tasks  by  date. 


tern  group.  We  then  expanded  these  pro¬ 
cesses  to  automatically  have  Exchange 
and  Active  Directory  accounts  created 
when  a  new  user  is  placed  in  either  the 
Intern  or  Employees  groups.  Testing  sev¬ 
eral  accounts,  this  process  worked  seam¬ 
lessly  However,  it’s  important  to  note  that 
to  create  the  Exchange  and  Active  Di¬ 
rectory  accounts,  you  need  to  have  a  de¬ 
tailed  understanding  of  how  your  Active 
Directory  implementation  is  configured, 
which  might  add  some  complexity  to  the 
setup  process. 

Xellerate  also  supports  self-service 
and  approval  workflows.  Self-service 
workflows  provide  forms  and  processes 
that  users  can  complete  themselves,  fur¬ 
ther  automating  tasks  and  alleviating 
over-worked  administrators.  Approval 
workflows  automate  the  review  and 
acceptance  processes  of  user  requests 
that  are  often  required  for  compliance. 
We  tested  the  process  of  receiving  a 
request  from  an  employee  for  access  to 
an  internal  site  controlled  through  a 
SunOne  LDAP  server.  We  implemented 
a  process  that  receives  the  request 
through  a  Web  interface,  routes  the 
request  to  the  employee’s  manager  for 
approval  and,  once  approved,  automati¬ 
cally  adds  the  user  to  the  LDAP  server. 
We  tested  several  accounts  with  this 
process,  and  everything  worked  as 
expected. 

We  also  extended  the  first  process  with¬ 
out  incident  to  add  a  layer  of  manager 
approval  for  new  Active  Directory  and 
Exchange  accounts.  We  also  created 
more  complex  workflows,  providing  dif¬ 


ferent  approval  paths  based  on  the  re¬ 
questing  user.  We  established  a  separate 
approval  chain  for  contractors  request¬ 
ing  access  to  the  internal  site  than  em¬ 
ployees,  who  just  required  manager 
approval. 

We  built  processes  to  pre-populate  con¬ 
figuration  information  for  resources, such 
as  Active  Directory  and  Exchange.  This 
lets  the  provisioning  process  be  com¬ 
pletely  automated  from  end  to  end. 

Finally,  we  set  up  direct  integration 
with  Oracle  9i  to  Crystal  Reports  soft¬ 
ware  to  create  a  number  of  reports  from 
stored  procedures,  such  as  what  users 
have  which  accounts,  by  application, 
provisioning  date,  user  ID  and  the  like. 
The  standard  reports  are  useful  and 
easy  to  read.  With  the  Crystal  Reports 
engine,  custom  reports  can  be  easily 
created  with  any  data  in  the  database. 

With  all  the  regulations  and  audit  re¬ 
quirements  now  required  for  many  orga¬ 
nizations,  provisioning  products  help 
automate  implementation  and  track  ad¬ 
herence  to  defined  policies  for  creating 
and  approving  application  access.  Thor’s 
Xellerate  is  a  very  powerful,  complex 
tool.  While  the  learning  curve  is  a  bit 
steep  to  get  everything  going,  once  the 
base  is  set  up  and  all  the  integration  is 
complete,  you  are  only  limited  by  your 
imagination  when  it  comes  to  process 
implementation  and  automation. 

Andress  is  president  ofArcSec  Technolo¬ 
gies,  a  security  company  focusing  on  prod¬ 
uct  reviews  and  analysis.  She  can  be 
reached  at  mandy@arcsec.com. 


www.networkworld.com 

E-mail  Newsletter  Showcase:  Technology  executive 

5/16/05 

NetworkWorld 

43 

What’s  your 
company’s 
policy  on  IMP 

■  BY  LINDA  MUSTHALER 

Consider  this  scenario:  You  have  your 
whole  staff  assembled  for  a  planning 
meeting.  People  have  their  laptops  and 
BlackBerries  to  take  notes  and  respond  to 
urgent  e-mail. Two  employees  in  the  back 
of  the  room  are  sending  each  other  in¬ 
stant  messages  to  keep  from  nodding  off. 
One  sends  an  off-hand  comment  to  the 
other  about  the  department’s  young  new 
intern.  Although  no  one  else  in  the  room 
is  aware  of  this  private  conversation,  it 
could  present  significant  problems  to  the 
company  some  day. 

The  fact  that  this  electronic  conversation 
took  place  using  company  resources  — 
the  computers  and  communication  net¬ 
work  —  makes  this  an  official  company 
record.  What’s  more,  if  the  day  ever  came 
when  the  intern  sues  the  company  over 
sexual  harassment  issues,  the  company 
could  be  required  to  produce  a  record  of 
that  flippant  remark  that  was  never  in¬ 
tended  to  go  beyond  the  two  guys  in  the 
back  of  the  room.  Those  couple  of  words, 
sent  “instantly”  from  one  person  to  another, 
could  be  a  smoking  gun. 

Lest  you  think, “This  could  never  happen 
to  us,”  let  me  give  you  some  eye-popping 
statistics  from  the  2004  Workplace  Email 
and  Instant  Messaging  Survey  conducted 
by  the  American  Management  Association 
and  The  efblicy  Institute.  They  surveyed 
840  U.S.  companies  for  their  data.  Of  the 
companies  that  said  they  use  IM  in  the 
workplace,  58%  said  the  service  is  used  for 
personal  chats.  Survey  respondents  report 
sending  and  receiving  the  following  types 
of  potentially  damaging  IM  content: 

•  Attachments:  19% 

•  Jokes,  gossip,  rumors  or  disparaging 
remarks:  16% 

•  Confidential  information  about  the 
company,  a  co-worker  or  client:  9% 

•  Sexual,  romantic  or  pornographic  con¬ 
tent:  6% 

Those  numbers  are  low. Though  1  am  not 
an  avid  user  of  IM,  I  know  plenty  of  people 
who  are,  and  they  tend  to  put  things  in  in¬ 
stant  messages  that  they  would  never  com¬ 
mit  to  an  e-mail  message  because  the  ser¬ 
vice  “feels  more  private.” 

It  all  boils  down  to  this:  IM  is  an  accepted 
form  of  electronic  communication,  and  it 
should  be  treated  like  one.  That  is,  the  IT 
department  has  an  obligation  to  help  the 
company  select  the  appropriate  technol¬ 


ogy  for  a  messaging  service,  and  implement 
policies  and  procedures  regarding  security 
records  retention  and  acceptable  usage. 

Banning  the  use  of  IM  for  business  isn’t 
the  answer.  Many  companies  find  that  IM 
increases  productivity  when  it  is  used  prop¬ 
erly  Companies  are  urged  to  take  control  of 


IM  like  they  would  any  other  IT  tool.  In  his 
story  for  the  Wisconsin  Technology  Net¬ 
work,  attorney  Brian  Paul  recommends  that 
companies  develop  a  policy  dictating  how 
they  handle  and  retain  instant  messaging, 
including  an  official  company  stance  on  IM 
content  and  use. 


Without  the  proper  policies  and  controls, 
your  company  can  find  itself  taking  some 
pretty  big  risks. 

Musthaler  is  vice  president  of  Currid  & 
Company.  She  can  be  reached  at  Linda. 
Musthaler@currid.  com. 
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2  minutes  to  audit 
the  entire  network? 


Don't  tell  anyone 
or  they'll  find 
something  else 
for  you  to  do! 


AuditWizard  V6  -  Simply  Effective 

No  other  software  makes  auditing  your  network  as  quick  and  easy 
as  AuditWizard™. 

Install,  then  sit  back  and  let  AuditWizard™  do  all  the  complicated  stuff. 
AuditWizard™  will  automatically  discover  all  of  the  PCs  connected  to  your  network 
then  conduct  a  comprehensive  software  and  hardware  audit  of  each  one  -  without 
any  user  intervention  from  you. 

So  when  the  boss  asks  for  that  Software  License  Compliance  Report  -  you're 
good  to  go... 

...if  only  everything  in  life  was  as  simple  to  use  as  AuditWizard™ 

For  more  information  telephone  813  319  1390 
or  email  sales@auditwizard.com 

Download  a  FREE  trial  today!  www.auditwizard.com 
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presence  with  red-hot  information  and 
maintenance-free  content?  Have  you  searched 
for  professional  content  only  to  discover  it 
was  too  expensive?  1&1  has  your  solution. 


Adding  content  to  your  site  is  quick  and  easy 


with  the  1&1  Dynamic  Content  Catalog.  Select 


there  s  no  software  to  install,  and  it  s  even 
compatible  with  1  &1  's  intuitive  site  building 
tools  or  your  favorite  web  editor.  And,  thanks 


Easy  &  Always  Up-to-Date 


Website  Content  like 
the  Big  Players 
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from  a  larcie  rancie  of  topics  -  at  no  extra  cost! 
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always  current  and  completely  maintenance  free. 


Add  Dynamic  vwe 


Personal  &  Businc 


Modules  of  the  1&1  Dynamic 
Content  Catalog: 


■  Current  news  on  politics, 
economics,  culture  and 
international  affairs 

■  Sports  highlights  and 
game  scores 

e  Entertainment 

*  Health 


■  Travel  information 

■  Online  games 

■  Market  reports 
&  stock  quotes 

■  Science  news 

■  Technology  news 

■  Weather  outlook 
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The  Washington  Huskies  gol  an  earty  start  on  playing  at 
another  level  The  Huskies  flew  to  Albuquerque,  N  M .  the  site  of 
their  regional  semifinal  against  Louisville,  on  Monday  to  get 
accustomed  to  the  city's  5,31 4-foot  altitude.  The  team  normally 
would  have  left  campus  a  day  later  to  prepare  for  Thursday's 
game,  but  coach  Lorenzo  Romar  wanted  his  piaye'8  to  build  up 
their  endurance 
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Weather: 


Keep  your  visitors  abreast  of  the 
latest  political,  economic,  cultural, 
and  sports  news.  Make  your  site  the 
source  for  real-time  information. 


Entice  your  visitors  with  information 
on  39  worldwide  travel  destinations, 
complete  with  beautiful,  full-color 
photographs. 


Display  the  local,  regional  or  national 
weather  forecast  on  your  website, 
with  temperature  and  weather  maps,  5- 
day  forecasts,  and  more. 
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EXCLUSIVELY  FROM  1&1  i  INCLUDES  1  DOMAIN 


Content  to 

>s  Websites 


1&1  has  even  more  to  offer: 


PACKAGE  FEATURES 


Web  space 


1,000  MB 


1,000  MB 


■  Monthly  transfer  volume 

25  GB 

25  GB 

■  FTP  accounts 

1 

1 

■  1  &1  Control  Panel 

/ 
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■  90-day  Money  Back  Guarantee 

/ 
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■  Loafiles 
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MARKETING  TOOLS 

1  ■  Chat  channels 
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I  ■  1  &1  WebStatistics 
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SITE-BUILDING  TOOLS 
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■  PDF2Web  Converter 
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■  DynamicSiteCreator 
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■  Graphic  archive 
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■  WebsiteCreator 
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■  Subdomains 
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■  Run  multiple  independent  sites 
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■  Full  DNS  manaqement 
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E-MAIL 

■  E-mail  accounts  w/ 1  GB  space  each 

200 
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■  Aliases,  auto-responders, 
forwardinq 
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■  1  &1  WebMail 
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■  Spam  filterinq  for  all  accounts 
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■  Virus  protection  for  all  accounts 

y 

y 

SECURITY  FEATURES 
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■  Protected  by  up-to-date  firewall 
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■  Daily  backups 
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■  Password  protected 
directories 
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■  Dedicated  SSL  Certificate 
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QoS  talking  points 

How  to  navigate  the  politics  of  a  quality-of-service  initiative. 


■  BY  CURT  CORNUM 

Politics  are  a  part  of  virtually  all  network  initiatives,  and  nowhere  is  that  more  evident  than 
with  QoS.  While  most  network  managers  concede  that  QoS  is  a  prerequisite  for  real-time 
applications  such  as  VoIP  and  interactive  video,  many  of  those  same  managers  are  reluc¬ 
tant  to  embrace  QoS  for  data  applications  because  of  the  political  pitfalls.This  reluctance 
is  starting  to  impede  business  productivity  and  is  increasing  bandwidth  costs. 


A  network  manager  is  often  stretched  in  many  directions 
by  department  heads  who  try  to  use  their  clout  to  get  their 
applications  pushed  to  the  top  of  the  heap. 

The  benefits  of  QoS  are  real:  More  predictable  perfor¬ 
mance,  more  efficient  use  of  bandwidth,  and  more 
detailed  control  of  network  resources.  However,  because 
QoS  has  the  ability  to  provide  better  (or  worse)  service  to 
specific  applications,  the  stakeholders  of  those  applica¬ 
tions  have  a  vested  interest  and,  therefore,  the  politics  also 
are  quite  real. 

To  effectively  implement  QoS,  network  managers  need  to 
develop  not  only  a  strategy  for  deployment,  but  they  must 
also  develop  a  communication  plan  to  set  the  agenda  and 
reduce  the  political  pressures  that  have  derailed  many  QoS 
initiatives. To  help  with  this  effort,  consider  the  following: 

1.  Set  realistic  expectations. 

Create  a  “QoS  101”  presentation  or  primer  document 
that  provides  a  high-level  overview  of  QoS:  What  it  is  (and 
isn’t),  how  it  works  and  the  benefits  to  the  organization. 
QoS  is  a  complex  topic,  and  creating  this  primer  will  help 
business  managers  understand  the  technology  and  pro¬ 
vide  a  common  language  to  ensure  that  the  IT  staff  is 
delivering  a  consistent  message. 

2.  Glearly  determine  the  objectives. 

Best  practices  suggest  that  certain  applications  should  be 
identified  and  given  priority  In  other  words,  these  traffic 
flows  should  be  “promoted.”  Another  school  of  thought  sug¬ 
gests  that  because  there  are  specific  applications  that  cre¬ 
ate  network  congestion  (such  as  Microsoft’s  SMS  and  FTP), 
it  is  more  efficient  to  identify  these  flows  so  that  they  can 
be  de-prioritized  or“demoted.”From  a  practical  standpoint, 
a  combination  of  the  two  approaches  likely  will  be  used. 
For  example, a  leading  financial  services  company  initially 
focused  on  protecting  its  network  by  “demoting”  non-inter- 
aciive  traffic  and  bulk  file  transfers.With  those  applications 
pushed  into  the  background,  the  company  then  could 
“promote”  its  revenue-generating  applications,  which  were 
n  ore  interactive  and  transaction-oriented. 

Regardless  of  the  initial  approach,  the  critical  success 
factor  ls  to  ensure  that  the  overall  objectives  for  QoS  are 
.•veil  documented  and  endorsed  by  an  executive  sponsor 
belore  deployment. 


3.  Classify  traffic  based  on  technical  profiles. 

Most  networks  are  shared  resources  that  provide  con¬ 
nectivity  to  multiple  business  units.  If  you  ask  any  business 
manager,  he  will  say  that  his  application  is  mission-critical 
and  should  receive  preferential  treatment.This  is  the  point 
where  politics  can  overwhelm  the  project.  To  promote 
objectivity  and  consistency  terms  like  mission-critical  and 
best  effort  should  be  avoided. 

Instead,  the  focus  should  be  on  creating  profiles  based  on 
the  technical  aspects  of  the  traffic  flows.These  profiles  (see 
graphic,  below)  should  include  the  service-level  require¬ 
ments  for  each  application  (such  as  protocol,  packet  size 
and  bandwidth)  as  well  as  its  ability  to  deal  with  the  effects 
of  congestion  (for  example,  delay  jitter  and  packet  loss). 

4.  Build  a  strong  cross-functional  team. 

Implementing  QoS  is  not  for  network  novices.  With  tools 
like  Weighted  Fair  Queuing,  Random  Early  Detection  and 
Link  Fragmentation  at  their  disposal,  it  is  critical  that  engi¬ 
neers  understand  the  function  and  interaction  of  each  tool 
before  developing  QoS  policies.Those  who  handle  opera¬ 
tions  and  capacity  planning  will  need  to  interpret  traffic 
flows  at  a  more  detailed  level  than  before  to  determine  if 
the  QoS  policies  are  having  the  desired  effect.To  promote 
interdepartmental  communications  and  knowledge  trans¬ 
fer,  a  virtual  team  consisting  of  members  from  each  area 


QoS  categories 


should  be  formed.  Also,  sufficient  training  dollars  should 
be  included  in  the  business  case  for  initial  implementa¬ 
tion. 

5.  Start  small  and  get  a  quick  win. 

After  the  QoS  policies  have  been  developed,  a  small 
number  of  sites  should  be  selected  for  a  controlled  intro¬ 
duction.  Generally  speaking,  QoS  will  have  the  biggest 
effect  on  sites  that  match  the  following  criteria: 

•  Slower  speed  WAN  links  (less  than  a  T-l). 

•  Periods  of  transient  congestion  (not  chronically  over¬ 
subscribed). 

•  Combination  of  interactive  (foreground)  and  non¬ 
interactive  (background)  traffic. 

The  initial  sites  should  match  these  criteria  and  have  the 
backing  of  the  largest  stakeholder.  Have  network-monitor¬ 
ing  tools  in  place  to  analyze  the  traffic  flows  and  modify 
the  policies  if  they  produce  unexpected  results.  After  IT  val¬ 
idates  the  policies  with  live  traffic,  communicate  the  results 
to  the  stakeholders  and  the  executive  sponsor. 

At  some  point,  all  enterprise  networks  will  have  to  pro¬ 
vide  differentiated  services  and  doing  so  on  a  large  scale  is 
a  significant  undertaking.  By  proactively  developing  a 
deployment  strategy  and  communication  plan,  network 
managers  can  set  the  agenda,  reduce  the  political  pres¬ 
sures  and  ultimately  provide  more  predictable  delivery  of 
all  traffic  throughout  the  network. 

Cornum  is  senior  manager  of  strategy  for  the  consulting 
practice  of  Calence.  He  can  be  reached  at  ccornum@ 
calence.com. 

Get  more  online! 

Learn  about  the  Wireless  Multimedia  specification 
for  boosting  wireless  QoS. 

www.networkwoiid.com  DocFinder:  7127 


One  way  to  de-politicize  QoS  deployment  is  to  create  profiles  based  on  the  technical  aspects 
of  the  various  types  of  traffic  flows  on  your  network. 


Classification 

Profile/QoS 

Protocol 

requirements 
Packet  size 

Bandwidth 

Delay 

Jitter 

Loss 

IP  Voice 

UDP 

Small 

Low 

Low 

Low 

Low 

IP  Video 

UDP 

Variable 

High 

Low 

Low 

Low 

Certified 

TCP/UDP 

Small 

Low 

Low 

Moderate 

Low 

Express 

TCP 

Small 

Low 

Low 

High 

Low 

Business 

TCP 

Variable 

Moderate 

Moderate 

High 

Moderate 

Standard 

TCP 

Large 

High 

High 

High 

High 

SOURCE:  CALENCE 
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The  Next-Generation  IT  Infrastructure 

Cyclades  AlterPath™  System  is  the  industry's  most  comprehensive  Out-of-Band 
Infrastructure  (OOBI)  system.  The  AlterPath  System  allows  remote  data  center 
administration,  eliminating  the  need  for  most  time-consuming,  remedial  site 
visits.  When  fully  deployed  in  your  data  center,  Cyclades  AlterPath  System  lowers 
the  risks  associated  with  outages,  improves  productivity  and  operational 
efficiency,  and  cuts  costs. 


Each  component  of  the  AlterPath  System  is  designed  to  seamlessly  integrate 
into  the  enterprise,  able  to  scale  in  any  direction.  Whether  you  need  serial 
console  management  of  networking  equipment,  KVM  for  access  to  Windows® 
servers,  branch  management,  IPMI  or  HP  iLO  for  service  processor 
management,  or  advanced  power  management,  the  AlterPath  System  delivers. 
Cyclades  brings  it  all  together,  making  OOBI  administration  seem  like  child’s  play. 


Over  85%  of  Fortune  100 
choose  Cyclades. 
www.cyclades.com/nw 

1.888. cyclades  ■  sales@cyciades.com 

©200S  Cyllodm  Corporation  All  rights  reserved.  All  other  trodemorlts  ond  prodwt  unoges  ora  properly  eliheii  res 
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LOCAL  OR  REMOTE  SERVER  MANAGEMENT  SOLUTIONS 


UltraMatrix™ 

Remote 


KVM  OVER  IP 


MATRIX  KVM  SWITCH  WITH 
INTEGRATED  REMOTE  ACCESS  OVER  IP 


•  System-wide  connectivity  locally  or  over  IP  from  any  location 
worldwide 

•  Connects  1,000  computers  to  up  to  256  user  stations 

•  .  Supports  PC,  Sun,  Apple,  USB,  UNIX, 

and  serial  devices 

•  High  quality  video  up  to  1280  x  1024 

•  Secure  encrypted  operation  with  login  and  computer  access  control 

•  Scaling,  scrolling,  and  auto-size  features 

•  View  real-time  4  computer  connections  using  the  quad-screen 
mode 


UltraMatrix™ 

E-series 

KVM  SWITCH 


PROFESSIONAL  MULTI-USER  KVM  SWITCH 
2  -  4  KVM  STATIONS  TO  1,000s  OF  COMPUTERS 


PC  or  multi-platform  (  PC/Unix,  Sun,  Apple,  others) 

On-screen  menu  informs  you  of  connection  status 

between  units  in  an  expanded  system 

Powerful,  expandable,  low  cost 

No  need  to  power  down  most  servers  to  install 

Security  features  prevent  unauthorized  access 

Free  lifetime  upgrade  of  firmware 

Video  resolution  up  to  1600  x  1280 
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The  UltraMatrix  Remote  represents  the  next  generation  in  KVM  switches.  It  not  only 
provides  a  comprehensive  solution  for  remote  server  console  access,  this  access  can 
be  local  or  from  any  workstation  on  your  network  over  IP. 


■  KVM  RACK  DRAWER  WITH  KVM  SWITCH  OPTION 

The  RackView  offers  the  latest,  most  efficient  way  to  organize  and 
streamline  your  server  rooms  and  multiple  computers.  The 
RackView  is  a  rack  mountable  KVM  drawer  neatly  fitted  in  a 
compact  pull-out  drawer.  This  easy-glide  KVM  drawer  contains  a 
high-resolution  TFT/LCD  monitor,  a  tactile  keyboard,  and  a  high- 
resolution  touchpad  or  optical  mouse. 


The  UltraMatrix  E-Series  represents  the  latest  in  KVM  matrix  switch  technolog,  at 
an  affordable  price.  The  E-Series  allows  you  to  connect  up  to  256  users  to  as 
many  as  1,000  computers.  The  UltraMatrix  E-Series  is  available  in  several  sizes: 
2x4,  2x8,  2x16,  4x4,  4x8,  4x16,  1x8,  and  1x16  and  either  PC  or  multi-  platform. 
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-  Input  Power  Monitoring  Facilitates  Load  Balancing 

•  Web  Interface 

SNMP,  MIB  &  Traps 


v  Integrated  Temperature  &  Humidity  Probes 
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BE  NOTIFIED  BEFORE  CRITICAL  EVENTS  TURN  INTO  DISASTER! 


•  Eight,  environment  inputs 

•  Power  sensing 

■  Monitors  64  IP  addresses 

•  Send  alerts  to  64  people 

•  8  methods  of  contact 

•  Calendar  scheduling 

»  Expands  to  256  sensors 

•  Remote  power  control 
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Tel:  877-373-;  700 
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The  Sensaphone  IMS-4000  Infrastructure 
Monitoring  System  monitors  critical  environ¬ 
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room,  data  center,  or  telecomm  installation  and 
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so  you  don't  have  to.  See  these  features  and 
more  on  the  web  at  www.ims-4000.com 
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email,  ZIP,  Unicode,  etc.)  to  HTML  for  display  with  highlighted  hits 
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.  TAP  into  Performance 

netWOrKTAPs  ©  Monitor  mission-critical  links  with  the 

latest  technology  through  new  nTAPs 

Stop  jeopardizing  network  performance  and  risking  costly  downtime.  Be  confident  you 
have  maximum  visibility  into  your  full-duplex  links  by  configuring  an  nTAP  solution  that 
fits  your  network  and  budget.Visitwww.networkTAPs.com/visibiiity  today. 
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Ethernet  Copper nTAP 

For  copper-to-copper  connections 
Choose  your  speed: 

10/100 . $395 

10/100/1000 . $995 


1 0/1 00/1 000  Conversion  /?TAP 

Copper  input  with  copper  or 
fiber  output  options 
Choose  your  analysis  output: 

SX . $1,995 

LX . $1,995 


|  Optical  Fiber  nTAP 

Multiple  split  ratios 

Choose  your  port  density: 

1]  Single  channel . 

$395 

Four  channel . 

$1,795 

!  Six  channel . 

$2,395  j 
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To  learn  more  about  how  nTAPs  can  boost  your  network  visibility  and  which  configuration  option 
is  best  for  you,  go  to  www.networkTAPs.com/visibility  or  call  866-GET-nTAP  today. 

Free  overnight  delivery* 
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*Free  overnight  delivery  on  all  U.S.  orders  over  $300.00  confirmed  before  12  pm  CST. 

nTAP  and  the  nTAP  logo  are  trademarks  or  registered  trademarks  of  Network  Instruments,  LLC. 
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i'OI  has  been  building  encryption  equipment  for  over  fifteen  years.  Our  customers  and  partners  include 
;  aior  financial  institutions,  government  agencies,  major  telcos,  utilities,  and  the  United  States  military. 
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Identity  exchange 

Microsoft  is  developing  technologies  to  support  a  Web- 
services  based  identity  system  that  not  only  lets  users 
control  their  personal  data,  but  provides  back-end 
services  for  the  integration  of  different  identity 
technology  such  as  Kerberos,  X.509  and  SAML. 


O  Client  makes  a  request  ©  Microsoft’s  info  Card  technology  ©  Security  Token  Service  (STS) 


to  access  application,  presents  user  with  appropriate 
which  asks  for  specific  card  or  cards,  which  can  be  stored 

pieces  of  identity  on  his  machine  or  in  a  network 
information  to  approve  directory,  that  provide  that 


sign-on. 


information.  User  clicks  on  the 
identity  card  they  want  to  send. 


negotiates  the  exchange  of 
the  identity  information  and 
acts  as  an  integration  point, 
which  can  transform  one 
identity  protocol  into  another. 


svlicrosoft 

continued  from  page  1 

Security  Assertion  Markup 
Language  (SAML). 

“The  trick  is  to  build  a  frame¬ 
work  that  all  these  security  sys¬ 
tems  can  work  in,”  says  John 
Shewchuk.CTO  of  distributed  sys¬ 
tems  for  Microsoft.  “It’s  main¬ 
frame,  it’s  Java,  it’s  everything.” 

Observers  are  applauding 
Microsoft  for  stimulating  open 
discussion  with  its  “Seven  Laws  of 
Identity’  a  manifesto  published 
last  month  on  the  blog  of  Micro¬ 
soft  Directory  Architect  Kim 
Cameron  that  lays  out  the  dynam¬ 
ics  of  digital  identity 

“The  industry  would  be  a  better 
place  if  we  can  build  on  these 
laws,”  says  Pamela  Dingle,  a  con¬ 
sultant  with  Nulli  Secundus.This 
is  a  beginning.” 

But  there  isn’t  universal  appeal 
for  Microsoft’s  implementation  of 
the  Identity  Metasystem,  de¬ 
scribed  in  a  white  paper  pub¬ 
lished  last  week. 

The  Metasystem,  in  essence,  is  a 
network  layer  that  carries  all  iden¬ 
tity  traffic  regardless  of  protocol 
or  format,  much  like  TCP/IP  car¬ 
ries  traffic  regardless  of  underly¬ 
ing  network  protocols  such  as 
Ethernet,  frame  relay  or  X.25. 

In  the  Metasystem,  when  identi¬ 
ty  data  reaches  its  destination,  a 
software-based  translator  turns 
the  data  into  the  format  needed 
to  access  a  particular  resource. 
The  Metasystem  defines  certain 
requirements  such  as  ways  to  ex¬ 
press  identity;  negotiate  the  ex¬ 
change  of  identity  data;  establish 


trust  between  network  nodes; 
and  integrate  disparate  identity 
token  formats  such  as  Kerberos 
tickets,  X.509  certificates  or  SAML 
assertions. 

Microsoft  says  users  can  plug 
their  access  control  infrastruc¬ 
tures  and  corporate  applications 
into  this  identity  architecture 
without  rewriting  any  code. 

The  rub  is  that  the  proposed 
Metasystem  relies  on  WS-Trust 
and  other  Web  services  protocols 
created  by  Microsoft  and  IBM,  a 
factor  critics  say  could  be  a  show- 
stopper  until  those  protocols  are 
submitted  to  a  standards  body 

“I’m  real  interested  to  see  if  they 
can  do  any-to-any  integration,” 


says  Dave  Miller,  chief  security 
officer  for  Covisint,  best  known 
for  creating  an  integration  hub  for 
the  automotive  industry.  “IBM 
tends  to  support  what  they  write 
and  Microsoft  is  even  worse. They 
support  their  stuff  first  and  every¬ 
one  else’s  never/ 

Microsoft’s  planned  Metasystem 
implementation  revolves  around 
a  variety  of  tools:  the  company’s 
new  technology  called  Info  Card 
that  lets  users  aggregate  their 
identity  information  and  control 
its  release;  a  middleware  technol¬ 
ogy  under  development  called 
Indigo;  Active  Directory  and  the 
Microsoft/IBM  controlled  slate  of 
Web  services  protocols,  including 


Renovator 
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50  phones,  all  IP-based,  in  Stever’s  group.  Within  a 
month  PPL  added  a  Nortel  Succession  1000  and  300 
IP  phones  in  a  nearby  building  and  tied  it  to  the  81c 
over  dual  IP  trunks.This  let  us  prove  out  trunk-  and 
line-side  IP  on  a  larger  scale,”  Stever  says. 

Both  of  those  facilities,  as  well  as  four  others  that 
were  upgraded  next,  had  been  supported  by  7,000 
lines  of  Centrex,  the  replacement  of  which  figured 
prominently  in  the  project’s  ROI  justification. 

Replacing  Centrex  eliminated  some  $100,000  in 
monthly  charges,  Stever  says.  He  agreed  to  have  $1 
million  in  Centrex  charges  removed  from  the  budget 
in  the  year  of  implementation.“That  was  a  little  chal¬ 
lenging,”  he  says.There  was  no  turning  back. 

Installation  of  those  first  hybrid  PBXs  was  com¬ 
pleted  in  the  middle  of  last  year  and,  based  on  that 
success,  the  company  started  to  roll  out  VoIP  as  the 
new  telephony  standard.  “It’s  an  evolutionary 
process”  Stever  says.  “We  continue  to  evolve  5%  to 
'  5%  of  our  lines  to  VoIP  per  year,  and  later  this  year 
should  hit  50%  penetration  across  the  company’ 

Hybrid  vs.  pure  VoIP  brought  about  concerns 
about  reliability. 

‘Our  experience  has  been  far  better  than  we  pro¬ 


jected,”  he  says.  “But  when  you  have  critical  areas 
like  a  trading  floor  that  is  trading  gas  and  electricity 
across  the  United  States,  the  thought  of  putting  pure 
IP  up  there  scared  the  hell  out  of  me.  And  we  have 
several  critical  functions  like  that.” 

Now  PPL  buys  nothing  but  IP. “As  we  replace  sys¬ 
tems  or  bring  a  new  building  oniine,  it’s  all  IP,” 
Stever  says. 

The  conversion  —  line-side  VoIP  full  IP  trunking, 
centralized  voice  maii  and  others  —  is  projected 
to  lead  to  another  $1  million  in  annual  savings  by 
the  time  the  project  is  completed  in  two  years, 
Stever  says.  “So  far  those  projections  are  right  on 
track.” 

The  new  QoS  architecture  also  has  enabled  video- 
conferencing  to  flourish.  Where  once  the  company 
had  a  handful  of  systems  linked  via  ISDN,  today  it 
has  28  IP-based  video  systems. 

One  lesson  about  convergence  that  Stever 
learned:  Integrating  voice  and  data  groups  can  pay 
dividends  in  unexpected  ways.  “Telecom  groups 
predate  IT  in  most  organizations,”  Stever  says.  “And 
many  develop  their  own  procedures  for  things  like 
outage  notifications  and  change  requests. When  we 
merged  the  groups  some  of  our  best  efficiencies 
came  from  handing  off  some  of  the  tasks  the  voice 
group  did  to  other  groups  like  the  help  desk.”B 


WS-Trust,  WS-Secure  Conversa¬ 
tion,  WS-SecurityFblicy  and  WS- 
MetadataExchange. 

“It’s  a  brave  new  world  with  a 
whole  set  of  specifications  that 
have  been  developed  outside  the 
real  world  —  at  least  outside  of 
our  real  world,”  says  Bob  Morgan, 
senior  technology  architect  at  the 
University  of  Washington  and  a 
member  of  the  steering  commit¬ 
tee  for  the  Shibboleth  federated 
identity  project  for  Internet2. 

While  IBM  announced  support 
for  WS-Trust  in  last  week’s  release 
of  Tivoli  Federated  Identity  Man¬ 
ager,  other  big-name  players  are 
holding  off. 

‘As  soon  as  WS-Trust  gets  sub¬ 
mitted  to  a  standards  organiza¬ 
tion,  Sun  will  aggressively  pursue 
implementing  the  standard  in  our 
solutions,”  says  Sara  Gates,  vice 
president  of  identity  management 
for  Sun. 

IBM’s  Tony  Nadalin,  co-author  of 
WS-Trust,  says  the  specification 
along  with  WS-Secure  Conversa¬ 
tion  is  likely  to  be  submitted  to  a 
standards  body  in  the  next  three 
to  four  months. 

Microsoft  is  balancing  its  work 
on  those  protocols,  a  strategy 
Microsoft  officials  say  was 
blessed  last  month  by  Bill  Gates, 
the  company’s  chief  software 
architect. 

WS-Trust  is  being  used  as  the 
foundation  for  what  Microsoft 
calls  Security  Token  Service 
(STS),  lightweight  gateways  for 
servers  and  clients  that  negotiate 
the  exchange  of  security  tokens, 
such  as  Kerberos  or  SAML,  and 
that  can  translate  tokens  into  dif¬ 
ferent  formats.  IBM  is  backing  the 
same  STS  model. 

The  key  is  STS  can  be  used  to 
integrate  newer  systems  that  rely 
on  SAML  with  older  systems  that 
might  use  Kerberos  or  mainframe 


security  architectures.  The  model 
is  relevant  internally  and  for 
secure  access  control  between 
partners  on  the  Internet. 

Last  week,  Microsoft  demonstrat¬ 
ed  at  the  Digital  ID  World  confer¬ 
ence  a  Win32  file  sharing  applica¬ 
tion  using  standard  Windows 
authentication  and  STS  technolo¬ 
gy  to  accept  other  security  tokens 
for  user  authentication. 

Start-up  Ping  Identity  is  working 
on  developing  STS  versions  for 
Java-based  clients  and  servers. 

On  the  desktop,  STS  is  part  of 
Info  Cards,  which  holds  various 
forms  of  user  identity  stored  local¬ 
ly  in  user  repositories  such  as 
directories.  Users  can  aggregate 
personal  data  into  what  Microsoft 
calls  “claims,”  which  contain  only 
the  information  needed  to  access 
certain  resources. 

“This  is  not  the  son  of  Passport,” 
Cameron  says,  referring  to  Micro¬ 
soft’s  failed  attempt  to  create  an 
identity  system  for  the  Internet. 

On  the  server  side,  STS  is 
deployed  in  front  of  resources  as 
an  access  control  point.  Those 
resources  can  be  configured  to 
talk  only  to  an  assigned  STS  so 
only  clients  with  approved  securi¬ 
ty  tokens  —  users  or  other  servers 
—  can  gain  access. 

Active  Directory  also  can  be 
used  as  an  STS,  and  Microsoft  offi¬ 
cials  said  a  version  of  the  directo¬ 
ry  tuned  for  that  capability  is  a 
possibility  The  forthcoming  Active 
Directory  Federation  Services, 
due  to  ship  by  year-end,  will  be 
the  first  step  toward  integrating 
identities  in  the  directory. 

Microsoft  officials  did  not  lay 
out  a  timetable  for  delivery  of  all 
the  pieces  to  build  an  infrastruc¬ 
ture  that  adheres  to  its  Identity 
Metasystem  model.  Indigo  and 
Info  Cards  are  expected  to  be  a 
part  of  Longhorn.  HE 
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TECHNOLOGY  TOUR  AND  EXPO 


This  Free  Event  is  Coming 
to  a  City  Near  You 

SANTA  ANA,  CA  |  June  7,  2005 
SAN  FRANCISCO,  CA  |  June  9,  2005 
WASHINGTON,  DC  |  June  14,  2005 
DALLAS, TX  |  June  16, 2005 


learn  the  top  10 
lessons  essential 
to  VoIP  success - 
here  are  5  of  them 

10.  How  to  present  a  VoIP  initiative,  in 
dollars  and  cents,  that  gets  your 
boss  on  board. 

9.  The  myth  behind  VoIP  cost  savings 
you  can’t  afford  to  ignore. 

8.  How  to  avoid  painful  gotchas  when 
benchmarking  and  managing  your 
network. 

7.  Simple  truths  about  adding  real-time 
collaboration  applications  to  your 
converged  infrastructure. 

6.  How  to  accurately  predict  if  your 
company  will  see  top-line 
improvements  from  converged 
applications. 

...and  5  more  at  the  event! 


VoIP 

CAPITALIZING  ON 
CONVERGENCE 


Are  you  ready  for  Vol  P? 

save  $500,000 

how  leading  edge  VoIP  managers  do  it 

convergence  =  collaboration 

5  steps  to  making  it  work 

keeping  up? 

75%  already  use  VoIP  time  to  get  in? 


oin  Johna  Till  Johnson,  President,  Chief  Research  Officer  and  Founder  of 
Nemertes  Research  and  leading  solution  partners  at  this  Network  World 
Technology  Tour  and  Expo. 


The  VoIP  revolution  has  arrived  as  fast  as  management  is  demanding  you 
capitalize  on  the  coming  convergence.  Whether  you're  in  it  knee-deep,  or  just  starting  to 
deploy,  VoIP:  Capitalizing  on  Convergence  is  the  place  to  be  for  the  answers — indeed 
the  questions — you'll  need  to  make  the  most  of  a  future  that's  decidedly  now.  You'll  gain 
valuable  lessons  and  practical  solutions  through  real-word  data  and  case  studies  from 
leading  companies  and  front-line  colleagues  who've  successfully  deployed  converged 
infrastructures.  Don't  miss  out.  Register  now  and  attend  free. 


Register  now  at  www.networkworld.com/VS5A1 
or  call  Dori  Smith  at  1-800-643-4668 
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Bell  Labs  Innovations 
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Mark  Gibbs 


The  online  music  market  battle  is 
heating  up  all  over  again.  Just 
when  you  thought  things  had 
settled  down,  along  comes  Yahoo 
with  its  Yahoo  Music  Unlimited  ser¬ 
vice  offering  unlimited  downloads 
from  a  library  of  1  million  songs  for 
$6.99  per  month. 

Consider  the  market  muscle  that  Yahoo  has  and 
that  Napster  and  RealNetworks  charge  $15  per 
month  for  similar  services.You  don’t  need  a  degree 
in  economics  to  see  that  online  music  selling  is 
going  to  change  dramatically 
What’s  the  catch  with  Yahoo  Music  Unlimited?  The 
catch  is  you  are  renting,  not  buying,  the  music. 

The  way  Yahoo  will  enforce  its  rental  scheme  is  by 
only  offering  files  encoded  in  Microsoft’s  Windows 
Media  Audio  (WMA),  which  includes  a  Digital  Rights 
Management  (DRM)  system  that  no  one  has  so  far 
managed  to  break. Through  the  DRM  system  you 
will  have  to  log  on  and  synchronize  your  collection 
with  Yahoo  at  least  once  per  month,  otherwise  your 
music  will  stop  being  playable. 

But  the  service  can’t  be  used  with  iPods  or  any 
other  device  that  doesn’t  support  WMA. 

According  to  several  reports,  music  executives  like 
this  concept.That’s  because  a  subscription  model 
allows  more  people  to  hear  a  wider  range  of  music 


without,  in  theory  the  music  copyright  holder  (pre¬ 
sumably  them)  losing  control. 

That’s  great  in  theory  Once  the  Yahoo  service  gets 
any  traction  in  the  market,  hackers  will  focus  on  the 
problem  and  it  will  be  goodbye  to  Microsoft’s  DRM. 
The  hackers  are  interested  and  active. 

There’s  already  a  work-around  available  because 
—  and  this  is  key  to  the  problem  that  everyone 
seems  to  forget  in  all  of  these  media  business 
schemes  —  it  is  all  just  bits:  Just  play  the  music  using 
whatever  WMAcompatible  player  you  please  while 
running  a  tool  like  Total  Recorder  and  you  can  grab 
the  bits  as  they  pass  through  the  audio  subsystem. 

Anyway  assuming  that  you  aren’t  going  to  “steal” 
the  music,  the  Yahoo  Music  Unlimited  rental  system 
means  that  if  you  want  to  burn  any  CDs  with  the 
tracks  you  have  downloaded  you  will  have  to  buy 
them.  Here  is  where  Yahoo  really  upsets  the  financial 
apple  cart  (or  as  we  will  discuss,  the  “Apple  cart”): 
Rather  than  the  99-cent  price  charged  everywhere 
else, Yahoo  plans  to  charge  only  79  cents. 

This  lower  pricing  per  track  is  really  important  not 
just  to  consumers  but  also  to  the  competition 
because  it’s  going  to  kick  off  a  bloody  price  war  that 
could  really  damage  some  of  the  players.  Just  con¬ 
sider  that  Napster  had  about  $139  million  in  cash 
and  equivalents  at  the  close  of  2004  and 
RealNetworks  had  about  $370  million. 


Unless  these  companies  reduce  their  pricing  to 
match  or  better  Yahoo’s,  they  could  easily  see  their 
market  shares  diminish.  Following  Yahoo’s 
announcement,  RealNetworks’  share  price  dropped 
22%  and  Napster  fell  more  than  30%. 

But  what  about  Apple,  you  ask?  Its  iTunes  service  is 
the  800-pound  gorilla  of  the  online  music  business 
and  obviously  the  company’s  cash  reserves  are 
rather  greater  than  the  other  players  (as  of 
December,  Apple  had  $6.5  billion  in  cash,  cash 
equivalents  and  short-term  investments)  and  even  its 
share  took  a  3%  hit  on  the  Yahoo  news. 

This  makes  sense,  as  the  potential  affect  of  Yahoo 
Music  Unlimited  on  iTunes  could  be  significant. The 
Yahoo  service  is  not  only  less  expensive  per  track 
but  also  lets  you  download  and  listen  to  any  amount 
of  DRM-controlled  music  you  please,  a  far  better 
deal  as  far  as  consumers  are  concerned. 

Unless  they  can  change  their  business  models, 
Napster,  RealNetworks  and  even  Apple  stand  to  lose 
their  relevance  to  the  online  music  business.  Despite 
their  endless  whining,  griping  and  posturing,  the 
record  companies  (along  with  consumers)  will  be 
the  ultimate  winners.There  is  no  justice. 

Sing  you  song  to  backspin@gibbs.  com  and  check  the 
lyrics  on  Gearblog  (www.networkworld.com/ 
weblogs/ gearblog). 


Online  music:  Consumers  will  win,  but  no  justice 
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News,  insights,  opinions  and  oddities 


By  Paul  McNamara 

Readers  get  their  turn 

It's  been  too  long  since  I’ve  turned 
this  forum  over  to  reader  e-mail,  so 

here  goes: 

A  recent  column  about  Stamps.com  described  its  acceptable-use  policy  that 
threatens  legal  action  against  anyone  who  circumvents  the  company’s  screen¬ 
ing  system  to  buy  customized  postage  that  depicts  a  celebrity  or  criminal  — 
which  is  prohibited  —  and  then  brags  about  it  publicly. 

“I  can’t  believe  that  Stamps.com  actually  thinks  that  its  non-publicize  paragraph 
would  stand  up  in  court,”  writes  Jeff  Janner.  “I’m  no  lawyer,  but  I'm  pretty  sure 
that  you  can’t  assign  blame  for  your  own  failings  onto  someone  else.  With  that 
clause,  they  could  do  away  with  any  oversight  of  what's  being  submitted  and/or 
produced  and  then  sue  for  damages  if  it  becomes  known  that  they  are  allowing 
such  violations. . .  .That  said,  I  expect  to  see  Microsoft  start  including  a  similar 
paragraph  in  all  of  its  license  agreements.” 

My  tut-tutting  over  the  latest  batch  of  campus  music  thieves  having  done 
their  dirty  deeds  via  lnternot2  was  overblown,  according  to  one  reader. 

“Most  students  don't  know  about  Internet2,  nor  do  they  care,”  writes  Craig 
Paul,  an  IT  professional  at  the  University  of  Kansas.  “They  just  access  ‘the 
Internet’  and  if  the  link  is  faster,  so  much  the  better.  So  all  the  fuss  about 
Internet2  and  stealing  is  a  bit  of  a  false  alarm.  Our  commodity  Internet  connec¬ 
tion  is  nearly  as  fast  as  our  Internet2  connection!” 

A  column  about  ComputerRepair.com  brought  a  number  of  criticisms  from 
readers  who  dislike  the  idea  of  an  online  marketplace  that  requires  IT  profes¬ 
sionals  to  work  for  a  fixed  fee  per  job. 

”1  have  had  no  experience  with  ComputerRepair.com  and  I  never  will,"  writes 
Philip  Overman.  “The  business  model  may  be  great  for  the  owner  but  it  is  not 
for  the  IT  professionals  that  have  to  work  to  fixed-amount  jobs.The  IT  busi¬ 


ness  is  too  complex  to  be  able  to  define  narrow  scopes  of  work  or  to  be  able  to 
determine  the  amount  of  time  it  takes  to  perform  those  scopes.” 

A  column  about  the  explosion  of  interest  in  mobile  text  messaging  brought 
this  note  of  concern  from  a  reader: 

"Cell  phone  users  and  driving  is  bad/dangerous  enough,”  writes  Don  Cherry, 
“so  can  you  imagine  the  potential  problem  of  driving  and  using  text  messag¬ 
ing?  And  the  drivers  being  teenagers,  no  less.  Some  serious  consideration 
needs  to  be  applied  to  cell  phone  use  in  vehicles.” 

My  rant  about  pseudo-journalists  who  accept  money  from  vendors  to  go  on 
TV  nows  programs  and  tout  their  products  drew  a  heartening  number  of  sup¬ 
portive  messages.The  column  explained  that  we  don’t  do  that  here  and  carried 
the  headline:  "We’re  not  for  sale." 

"Thank  you  for  your  editorial  disclosure  about  Network  World  not  being  on 
the  take,”  writes  Joe  Kwak.  "It  is  a  sad  thing  in  this  day  and  age  that  editorial 
objectivity  needs  to  be  affirmed  and  reaffirmed.  As  they  say,  it  is  sometimes 
the  acts  of  a  few  that  ruins  it  for  the  many." 

Another  piece  attempted  to  debunk  a  Stanford  spam  study  that  said  the  typi¬ 
cal  worker  spends  10  full  workdays  a  year —  a  minute  and  a  half  every  hour  — 
shoveling  junk  e-mail.  A  number  of  readers  called  me  ali  wet  over  that  one,  and 
then  there  was  this  take: 

"Reading  your  column  got  me  thinking  about  spam,  and  I  came  to  a  really 
depressing  conclusion,”  writes  Jim  Corny.  “Overail,  the  internet  infrastructure 
is  like  Gulliver  in  Liliiput,  a  helpless  giant  being  tied  down  by  the  littio  people 
doing  spamming.  Collectively  the  Internet  has  been  unable  to  solve  this  prob¬ 
lem!  Despite  all  the  smart  people,  all  the  technology,  they  arc  collectively 
unable  to  devise  and  implement  a  plan  that  would  prevent  massive  spamming.” 

Depressing  is  the  right  word,  all  right. 

Now  that  I’ve  made  more  room,  you  should  know  that  the  address  is 
buzz@nww.com. 
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We  triple-dog-dare  you. 


Trojans ,  worms,  viruses,  and  application  attacks  don't  scare  the 
all-in-one  Sidewinder  Gf Security  Appliance.  It  scares  them! 

It  detects  and  stops  them.  It  protects  thousands  of  networks  all 
over  the  world  and  it  can  protect  yours.  It  includes  the  world's 
strongest  application-layer  firewall  that  has  never  been  compro¬ 
mised.  You  can  even  add  optional  anti-virus,  anti-spam,  e-mail 
and  Web  content  filtering,  SSL  VPN,  and  more. 

For  a  free  evaluation ,  call  1  800  379-4944. 

New  Security  Assessment  Report  Available!  Read  Black  Hat  Consulting's 
Security  Assessment  Report  on  the  Sidewinder  G2  Security  Appliance.  This 
report  details  how  this  appliance  handles  real-world  attack  methodologies, 
ranging  from  layer  two  to  layer  seven  attack  methods  as  referenced  against 
the  OSI  model.  Visit  www.securecomputing.com/goto/blackhat 


f  SIDEWINDER  G> 

SECURITY  APPLIANCE 

Firewall/Security  Appliance 
Sidewinder  62”  Security  Appliance 
Sidewinder  G2f  Enterprise  Manager 

Strong  Authentication 
SafeWord"  RemoteAccess" 

SafeWord’  RemoteAccess,'”  Cisco  compatible 
SafeWord®  PremierAccess' 

SafeWord'  for  Check  Point 
SafeWord®  for  Citrix’  MetaFrame® 

SafeWord*  for  Nortel  Networks 

Web  Filtering 

SmartFilter*  Sentian,’’’  Bess® 


COMMON  CRITERIA 

EAL4*  CERTIFIED 


Securing  the  connections  between  people,  applications,  and  networks ,u 

All  trademarks  used  herein  belong  to  their  respective  owners 


www.securecomputing.com 
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ADTRAN 


802.3af 
Power  over 
Ethernet 


NetVanta  1224R/1224STR  Series 

All-in-One  Access  Platform  with 
Switch/Router/FirewallA/PN/DSU/CSU 


NetVanta  1224/1224ST  Series 

Managed  Fast  Ethernet  and 
Powered  Ethernet  Switches 


NetVanta  1524ST 

Managed  Gigabit  Ethernet  Switch 


The  right 
technology 

(at  the 
right  price). 


NetVanta  Switches,  Routers,  and  VPN  Solutions. 


NetVanta  340 

Business-class  ADSL2+  Router 


NetVanta  3200 

Modular  2xT1/ADSL2+  Branch  Office 
Routers  with  Firewall/VPN/Voice/Dial  Backup 


NetVanta  3205/3305/4305 

Modular  2xTl/3xT1/8xT1  Routers  with 
Firewall/VPN/Voice/Dial  Backup 


NetVanta  2300/2400 

Medium  to  Large  Office  VPN 
Gateways,  with  Firewall  '■ 
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Lower  network 
costs  without 
compromising 
quality,  performance, 
or  support  —  with 
NetVanta. 


Is  voice  and  data  networking  costing  you  more  than  it  should? 

You  no  longer  have  to  pay  premium  prices  for  brand  name 
gear  to  perform  customary  internetworking  tasks.  With  the 
NetVanta  Series  from  ADTRAN  ,  you  can  implement  the  exact 
internetivorking  functionality  you  need,  at  a  cost  that’s 
often  50%  less  than  competing  brand  name  solutions. 
Choose  from  switching ,  routing,  andVPN platforms. 
Modular  chassis  and  deep  product  lines  let  you  pick 
and  choose  just  the  right  solution  for  any  application  — 
data,  voice,  VoIP,  Internet,  backup,  and  management  - 
across  networks  ranging  from  56  kbps  to  GigE.  Every 
solution  is  hacked  by  a  100%  satisfaction  guarantee  from 
ADTRAN,  unlimited  telephone  technical  support  (before  and 
after  the  sale), Tree  firmware  upgrades,  and  a  full  5-year  warranty. 

Why  pay  more  (when  you  don’t  have  to)? 


Register  to  win  a  free  NetVanta  1224STR  now! 

www.adtran.com/rightprice 


Have  a  question  about  network  design?  How  to  implement 
VoIP  in  your  network?  Our  network  engineers  are  standing  by 

800  597  9602  Technical  Questions 
877  280  8416  Where  to  Buy 


The  Network  Access  Company 


ADIRAri 


